Executive Summary
A critical remote code execution vulnerability (CVE-2026-6951) has been discovered in simple-git, a popular Node.js npm package used to run git commands programmatically. The flaw carries a CVSS score of 9.8 and stems from an incomplete fix applied to address CVE-2022-25912.
The original fix blocked the -c git option from being passed via untrusted input. However, the fix failed to account for the equivalent long-form flag --config, allowing attackers to inject arbitrary git configuration options and achieve remote code execution if untrusted input reaches the git operation's option parameters.
All versions of simple-git before 3.36.0 are vulnerable. Developers should update immediately.
Vulnerability Overview
| Attribute | Value |
|---|---|
| CVE ID | CVE-2026-6951 |
| CVSS Score | 9.8 (Critical) |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CWE | CWE-78 — Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| Type | Remote Code Execution via Command Injection |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Patch Available | Yes — version 3.36.0 |
| NVD Status | Published 2026-04-25 |
Affected Versions
| Package | Affected Versions | Fixed Version |
|---|---|---|
| simple-git (npm) | All versions before 3.36.0 | 3.36.0 |
Technical Analysis
Root Cause
The simple-git library lets Node.js applications invoke git by building a command line partly from application-supplied data. When untrusted input flows into the option list of a git operation, the result is argument injection: the attacker does not need to break out of a shell, only to add a flag git understands.
CVE-2022-25912 previously identified that an attacker could inject the -c flag to override git configuration, enabling code execution through keys whose values git runs as commands, such as core.editor, core.pager, or credential.helper. The maintainers patched this by blocklisting the -c short form.
CVE-2026-6951 reveals that the blocklist was incomplete. For git clone, --config is the documented long form of -c: both -c <key>=<value> and --config=<key>=<value> set a variable in the newly created repository before any history is fetched. The fix for CVE-2022-25912 never sanitized --config, leaving the injection surface open:
```typescript
// Vulnerable pattern: the option list is built from attacker-controlled input
// (for example, taken from a request body). An attacker supplies:
//   ['--config', 'core.sshCommand=touch /tmp/pwned']
await git.clone(repoUrl, destination, userSuppliedOptions);
// Resulting git invocation (simple-git rejects -c here, but not --config):
// git clone <url> <dest> --config core.sshCommand=touch /tmp/pwned
```
When git clone processes --config core.sshCommand=<command>, it writes the key into the new repository's configuration before fetching, so for an SSH clone URL git runs <command> in place of ssh to reach the remote. That gives a reliable code execution path during the clone itself; the other keys listed below fire on the operations that consult them.
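As an added illustration of the root cause (example code written for this page, not simple-git's own source): a filter that recognises only the short -c form beside a check that covers every spelling of a config override, run over constructed option lists. The sample option lists and the list of dangerous keys are assumptions made for the example, and the key list is illustrative rather than exhaustive.

```javascript
// Added example, not simple-git's own code: why a blocklist that only rejects
// the short `-c` flag is incomplete. The option lists and the key list below
// are constructed for illustration.

// Config keys whose value git executes as a program (illustrative, not exhaustive).
const DANGEROUS_CONFIG_KEYS = new Set([
  'core.sshcommand',
  'core.editor',
  'core.pager',
  'credential.helper',
]);

// A filter in the spirit of the original fix: it recognises only the short
// form (`-c key=value` and the joined `-ckey=value`).
function blockedByShortFormFilter(args) {
  return args.some((a) => a.startsWith('-c'));
}

// Complete check: every spelling of a config override that git clone accepts.
//   -c key=value   -ckey=value   --config key=value   --config=key=value
function isConfigOverride(arg) {
  return arg.startsWith('-c') || arg === '--config' || arg.startsWith('--config=');
}

// Pull the key names out of every override in an argument list, whatever the
// spelling. Lower-cased because git section and variable names are
// case-insensitive.
function configKeysIn(args) {
  const keys = [];
  for (let i = 0; i < args.length; i++) {
    const a = args[i];
    let kv = null;
    if (a === '-c' || a === '--config') kv = args[i + 1] ?? '';
    else if (a.startsWith('--config=')) kv = a.slice('--config='.length);
    else if (a.startsWith('-c')) kv = a.slice(2);
    if (kv !== null) keys.push(kv.split('=')[0].toLowerCase());
  }
  return keys;
}

function dangerousKeysIn(args) {
  return configKeysIn(args).filter((k) => DANGEROUS_CONFIG_KEYS.has(k));
}

// Constructed option lists an attacker might submit to an application that
// forwards them to git clone.
const SAMPLES = {
  shortForm: ['--depth', '1', '-c', 'core.sshCommand=touch /tmp/pwned'],
  longForm: ['--depth', '1', '--config', 'core.sshCommand=touch /tmp/pwned'],
  joinedLongForm: ['--config=credential.helper=/tmp/evil-helper'],
  benign: ['--depth', '1', '--branch', 'main'],
};

// How each sample fares under the incomplete and the complete check.
function evaluate(args) {
  return {
    caughtByShortFormFilter: blockedByShortFormFilter(args),
    caughtByCompleteCheck: args.some(isConfigOverride),
    dangerousKeys: dangerousKeysIn(args),
  };
}

for (const [name, args] of Object.entries(SAMPLES)) {
  console.log(name, evaluate(args));
}
```

The longForm and joinedLongForm samples pass the short-form filter untouched yet carry a key git will execute; that gap is the whole of CVE-2026-6951 as described above. A rejection check on its own is still a denylist, which is why Step 3 below builds the option list from validated values instead.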
Attack Flow
1. Application uses simple-git and passes untrusted data into git options
2. Attacker injects --config with a malicious key=value pair
3. simple-git constructs a git command including --config <attacker-payload>
4. git executes the command, reading attacker-controlled configuration
5. Depending on the injected key:
- core.sshCommand → runs an arbitrary command whenever git connects to a remote over SSH
- credential.helper → runs an arbitrary program whenever git needs credentials for a remote
- core.editor / core.pager → runs an arbitrary program on the operations that open an editor or pager
6. Attacker achieves RCE in the context of the Node.js process
Why CVSS 9.8
| Metric | Value | Reason |
|---|---|---|
| No authentication | PR:N | Any network-accessible code path accepting untrusted git options is exploitable |
| No user interaction | UI:N | Fully automated exploitation |
| Low complexity | AC:L | Well-understood injection pattern; tooling available |
| Full C/I/A impact | H/H/H | RCE grants full control of the host process and file system |
The impact is compounded by the widespread use of simple-git: it has millions of weekly downloads and is embedded in many CI/CD pipelines, developer tools, and web applications.
Impact Assessment
| Impact Area | Description |
|---|---|
| Remote Code Execution | Arbitrary OS commands executed via git config injection |
| CI/CD Pipeline Compromise | Build servers using simple-git may be hijacked |
| Source Code Theft | Attacker can read repositories and credentials stored in environment |
| Credential Exfiltration | Git credential helpers expose stored tokens and passwords |
| Lateral Movement | RCE on a build server enables movement to connected infrastructure |
| Supply Chain Risk | Compromised builds may inject malicious code into downstream software |
Immediate Remediation
Step 1: Update simple-git
```bash
# npm: update within the range declared in package.json, or pin to the fixed release
npm update simple-git
npm install simple-git@^3.36.0

# Verify every copy in the tree, including transitive dependencies
npm ls simple-git
# Expected: each entry reports simple-git@3.36.0 or higher

# yarn
yarn upgrade simple-git

# pnpm
pnpm update simple-git
```
Step 2: Audit for Vulnerable Usage
Search your codebase for patterns where user-controlled input may reach git options:
```bash
# Find usages of simple-git in your codebase
grep -rn "simple-git" src/ --include="*.ts" --include="*.js"

# Find call sites whose option list may be built from request data;
# raw() passes its arguments to git verbatim and deserves the closest look
grep -rnE "\.(clone|pull|fetch|push|raw)\(" src/ --include="*.ts" --include="*.js"
```
Step 3: Input Validation (Defense in Depth)
Even after patching, validate any user-supplied data that flows into git operations:
```typescript
import simpleGit from 'simple-git';

// BAD: an attacker-controlled option list goes straight to git
async function cloneRepoUnsafe(url: string, options: string[]) {
  await simpleGit().clone(url, '/tmp/repo', options); // vulnerable
}

// GOOD: accept structured parameters, validate each value, and build the
// option list yourself. Untrusted strings never become flags, so neither
// -c nor --config can appear. (Validate url separately before calling this.)
const BRANCH_NAME = /^[A-Za-z0-9][A-Za-z0-9._\/-]{0,254}$/; // cannot start with '-'

async function cloneRepo(url: string, opts: { depth?: number; branch?: string }) {
  const args: string[] = ['--single-branch'];
  if (opts.depth !== undefined) {
    if (!Number.isInteger(opts.depth) || opts.depth < 1) throw new Error('invalid depth');
    args.push('--depth', String(opts.depth));
  }
  if (opts.branch !== undefined) {
    if (!BRANCH_NAME.test(opts.branch)) throw new Error('invalid branch');
    args.push('--branch', opts.branch);
  }
  await simpleGit().clone(url, '/tmp/repo', args);
}
```
Step 4: Audit for Compromise
If your application may have been exposed prior to patching:
```bash
# Check for unexpected processes spawned by your Node.js application
ps -eo pid,ppid,user,lstart,args | grep -E "node|git"

# Review service logs for unexpected command executions
journalctl -u your-service --since "7 days ago" | grep -iE "error|exec|spawn"

# Look for files created in temporary directories during the exposure window
find /tmp /var/tmp -type f -mtime -7 2>/dev/null

# git clone --config writes the injected key into the new repository's
# .git/config, so inspect repositories the application cloned
git -C /path/to/cloned/repo config --list --show-origin | grep -iE "sshcommand|credential\.helper|core\.editor|core\.pager"
```
Detection Indicators
| Indicator | Description |
|---|---|
| --config in git command logs | Unexpected configuration options in process arguments |
| core.sshCommand or credential.helper in git logs | Injected git config keys |
| Unexpected keys in the .git/config of cloned repositories | git clone --config persists the injected key in the new repository |
| Unexpected child processes from Node.js | RCE via spawned shell commands |
| Outbound network connections from build servers | Post-exploitation C2 or exfiltration |
| Unexpected file modifications in /tmp | Attacker proof-of-concept artifacts |
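The following is an added example, not tooling from the advisory or from simple-git, that turns the first two indicators in the table into a check over auditd EXECVE records. It reconstructs argv (including auditd's hex-encoded arguments) and flags git invocations carrying a config override, with higher severity when the key is one git executes. The log lines are constructed for this example and the key list is illustrative, not exhaustive.

```javascript
// Added example, not from the advisory or from simple-git: a detector for the
// "--config in git command logs" indicators, run over auditd EXECVE records.
// The records below are constructed; the key list is illustrative.

// Config keys whose value git runs as a program (case-insensitive match).
const DANGEROUS_KEYS = /^(core\.sshcommand|credential\.helper|core\.editor|core\.pager)=/i;
// Every spelling of a config override: -c, -ckey=value, --config, --config=key=value
const CONFIG_FLAG = /^(-c.*|--config(=.*)?)$/;

// auditd logs argv as a0="git" a1="clone" ...; an argument containing spaces or
// special characters is written as an unquoted hex string instead, so both
// forms are decoded here.
function parseExecveArgv(line) {
  const argv = [];
  const re = /\ba(\d+)=(?:"([^"]*)"|([0-9A-Fa-f]+))/g;
  for (let m; (m = re.exec(line)) !== null; ) {
    argv[Number(m[1])] = m[2] !== undefined ? m[2] : Buffer.from(m[3], 'hex').toString('utf8');
  }
  return argv;
}

// Returns a finding for git invocations that carry a config override, or null.
function classify(argv) {
  if (argv.length === 0 || !/(^|\/)git$/.test(argv[0])) return null;
  if (!argv.some((a) => CONFIG_FLAG.test(a))) return null;
  // Strip the flag prefix so joined forms (--config=key=value, -ckey=value)
  // are examined the same way as a separate key=value argument.
  const override = argv
    .map((a) => a.replace(/^(--config=|-c)/, ''))
    .find((a) => DANGEROUS_KEYS.test(a));
  if (override) {
    return { severity: 'high', key: override.split('=')[0], argv };
  }
  return { severity: 'medium', key: null, argv };
}

function scan(lines) {
  return lines.map(parseExecveArgv).map(classify).filter((f) => f !== null);
}

// Constructed records. The hex in the second line is auditd's encoding of
// "core.sshCommand=touch /tmp/pwned", which contains a space.
const SAMPLE_EXECVE_LINES = [
  'type=EXECVE msg=audit(1714000000.101:301): argc=4 a0="git" a1="clone" a2="https://example.invalid/app.git" a3="/srv/work/app"',
  'type=EXECVE msg=audit(1714000000.102:302): argc=5 a0="git" a1="clone" a2="ssh://git@example.invalid/app.git" a3="--config" a4=636F72652E737368436F6D6D616E643D746F756368202F746D702F70776E6564',
  'type=EXECVE msg=audit(1714000000.103:303): argc=4 a0="/usr/bin/git" a1="clone" a2="https://example.invalid/app.git" a3="--config=http.followRedirects=false"',
  'type=EXECVE msg=audit(1714000000.104:304): argc=2 a0="node" a1="server.js"',
];

for (const finding of scan(SAMPLE_EXECVE_LINES)) {
  console.log(finding.severity, finding.key ?? '(no hook key)', finding.argv.join(' '));
}
```

A plain --config with a harmless key is reported at medium severity because an application that never passes config overrides itself should not produce it at all; tune that to your own baseline of expected git invocations.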
Post-Remediation Checklist
- Update simple-git to 3.36.0 or later in all affected projects
- Audit all codepaths where user input reaches git operations
- Implement strict input validation and option allowlisting
- Review CI/CD pipeline logs for unexpected git --config usage
- Rotate any git credentials, tokens, or SSH keys accessible to the build environment
- Inspect the .git/config of repositories the application cloned for injected keys
- Check for unauthorized changes to build artifacts or deployed code
- Monitor for signs of supply chain compromise in downstream dependencies