PT-2026-35269 · Intina47 · Context-Sync

Mida

Published

2026-04-26

Updated

2026-05-23

CVE-2026-7062

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Intina47 context-sync versions prior to 2.0.0

Description A flaw in the Git Integration component, specifically within the src/git-integration.ts file, allows for remote OS command injection. This occurs when an attacker sends specially crafted data that the system executes as a system-level command.

Recommendations Update to a version later than 2.0.0. As a temporary workaround, restrict access to the Git Integration component to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

CVE-2026-7062

Affected Products

Context-Sync

PT-2026-35269 · Intina47 · Context-Sync

CVE-2026-7062

Weakness Enumeration

Related Identifiers

Affected Products

References · 10