CVE-2026-4660

ADVISORY - github

Summary

HashiCorp's go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package.

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-200⁠

Exposure of Sensitive Information to an Unauthorized Actor

ADVISORY - github

CWE-200⁠

Exposure of Sensitive Information to an Unauthorized Actor

ADVISORY - redhat

CWE-22⁠

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Impacted images

Advisories

NIST

CREATED

1 day ago

UPDATED

1 day ago

ADVISORY IDCVE-2026-4660⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.5high

GitHub

CREATED

1 day ago

UPDATED

4 hours ago

ADVISORY IDGHSA-92mm-2pjq-r785⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.5high

Debian

CREATED

20 hours ago

UPDATED

11 hours ago

ADVISORY IDCVE-2026-4660⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

2 hours ago

UPDATED

2 hours ago

ADVISORY IDCVE-2026-4660⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

1 day ago

UPDATED

6 hours ago

ADVISORY IDCVE-2026-4660⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.5high