PT-2026-7181 · Go-Git+3 · Go-Git+3

N0Zom1Z0

·

Published

2026-02-09

·

Updated

2026-05-18

·

CVE-2026-25934

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions go-git versions prior to 5.16.5
Description go-git is a Git implementation library written in Go. A flaw exists in how go-git handles the integrity verification of .pack and .idx files. Specifically, data integrity values were not properly verified, potentially allowing the consumption of corrupted files. This could lead to errors such as 'object not found' during operations involving fetched packfiles from Git servers or locally generated pack indexes. Packfiles contain checksums to ensure data integrity during client downloads. The incorrect verification process bypassed these checks.
Recommendations Update to version 5.16.5 or later.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-354

Related Identifiers

BDU:2026-05592
CLEANSTART-2026-AC12204
CLEANSTART-2026-AM88528
CLEANSTART-2026-BU65096
CLEANSTART-2026-BY85815
CLEANSTART-2026-CK42797
CLEANSTART-2026-CY45415
CLEANSTART-2026-DQ17669
CLEANSTART-2026-DR75226
CLEANSTART-2026-DS30740
CLEANSTART-2026-DV04077
CLEANSTART-2026-DZ05206
CLEANSTART-2026-ER93728
CLEANSTART-2026-FC24138
CLEANSTART-2026-FF20499
CLEANSTART-2026-FF98917
CLEANSTART-2026-FQ05951
CLEANSTART-2026-FV86809
CLEANSTART-2026-FX27781
CLEANSTART-2026-GM63718
CLEANSTART-2026-HK06185
CLEANSTART-2026-IA56615
CLEANSTART-2026-JW58725
CLEANSTART-2026-LO26058
CLEANSTART-2026-LS30652
CLEANSTART-2026-LS98939
CLEANSTART-2026-LU21824
CLEANSTART-2026-MA32024
CLEANSTART-2026-MK01488
CLEANSTART-2026-MK10646
CLEANSTART-2026-MK40719
CLEANSTART-2026-ML41879
CLEANSTART-2026-MW73882
CLEANSTART-2026-NI04192
CLEANSTART-2026-NT80635
CLEANSTART-2026-OA82425
CLEANSTART-2026-OD47693
CLEANSTART-2026-OX06978
CLEANSTART-2026-PP64690
CLEANSTART-2026-PW57640
CLEANSTART-2026-QB67682
CLEANSTART-2026-QF85840
CLEANSTART-2026-QK02462
CLEANSTART-2026-QV77143
CLEANSTART-2026-RU00721
CLEANSTART-2026-SN90101
CLEANSTART-2026-TT42218
CLEANSTART-2026-UQ43569
CLEANSTART-2026-VJ56922
CLEANSTART-2026-VT65447
CLEANSTART-2026-WD32090
CLEANSTART-2026-WN01990
CLEANSTART-2026-YW12690
CVE-2026-25934
GHSA-37CX-329C-33X3
GO-2026-4473
OPENSUSE-SU-2026:10618-1
OPENSUSE-SU-2026:10651-1
OPENSUSE-SU-2026:20702-1
OPENSUSE-SU-2026:20752-1
OPENSUSE-SU-2026:20809-1
SUSE-SU-2026:0757-1
SUSE-SU-2026:1411-1
SUSE-SU-2026:21793-1
USN-8088-1

Affected Products

Linuxmint
Red Os
Ubuntu
Go-Git