CVE-2026-11968

Summary

Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary File Write in TortoiseGit

Affected Software

VendorProductVersion RangeStatus
TortoiseGit teamTortoiseGit1.8.10.0 < 2.19.0affected

Weaknesses

  • CWE-88: CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References