CVE ID :CVE-2026-6951 Published : April 25, 2026, 5 a.m. | 1 hour, 15 minutes ago Description :Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for [CVE-2022-25912]() that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still achieve remote code execution by enabling protocol.ext.allow=always and using an ext:: clone source. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...