CVE-2026-45261
Status: Deferred - Pending Action
Remote Code Execution in GitButler Desktop App

Publication date: 2026-05-28

Last updated on: 2026-06-01

Assigner: GitHub, Inc.

Description
GitButler is a modern Git-based version control interface for AI-powered workflows. Prior to 0.19.7, a remote code execution vulnerability exists in the Tauri-based GitButler desktop application. An attacker can inject a malicious link into a pull request body; if the user clicks it, arbitrary script execution is possible in the Tauri webview. Users who have not enabled forge integration are not at risk. This vulnerability is fixed in 0.19.7.
Meta Information
Generated: 2026-06-17
AI Q&A: 2026-05-28
EPSS Evaluated: 2026-06-16
Affected Vendors & Products (3 associated CPEs)
Vendor        Product    Version / Range
gitbutlerapp  gitbutler  up to 0.19.7 (excluding)
gitbutlerapp  gitbutler  0.19.7
gitbutler     gitbutler  up to 0.19.7 (excluding)
Exploitability
CWE ID   Description
CWE-94   The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
AI Quick Actions
Executive Summary

CVE-2026-45261 is a critical remote code execution vulnerability in the GitButler Desktop App versions 0.19.6 and earlier. It occurs due to a link injection flaw in the Tauri-based application's forge integration. An attacker can embed a malicious link in a pull request body, and if a user clicks this link, arbitrary script execution happens within the Tauri webview.

Users who have not enabled forge integration are not vulnerable to this issue. The vulnerability has been fixed in version 0.19.7.

Impact Analysis

This vulnerability can have a critical impact on your system's confidentiality, integrity, and availability. If exploited, an attacker can execute arbitrary scripts remotely by tricking a user into clicking a malicious link in a pull request.

The attack requires low privileges, no special complexity, and active user interaction, making it relatively easy to exploit. This can lead to compromise of the vulnerable system and potentially other connected systems.

Detection Guidance

This vulnerability arises from a malicious link injected into a pull request body that, when clicked by the user, executes arbitrary scripts in the GitButler Tauri webview. Detection involves identifying whether users have clicked suspicious links in pull requests within the GitButler desktop application, versions 0.19.6 and earlier.

Since the vulnerability requires user interaction (clicking a malicious link), network detection could focus on monitoring HTTP/HTTPS traffic for suspicious or unexpected links in pull request bodies or related GitButler traffic.

There are no specific commands provided in the available resources to detect exploitation or presence of this vulnerability on a system or network.

Mitigation Strategies

To mitigate this vulnerability immediately, upgrade the GitButler desktop application to version 0.19.7 or later, where the issue is fixed.

If upgrading is not immediately possible, disable the forge integration feature in GitButler, as users without forge integration enabled are not vulnerable.

Compliance Impact

The vulnerability allows an attacker to execute arbitrary scripts by injecting malicious links in pull request bodies, potentially compromising confidentiality, integrity, and availability of the affected system.

Such a compromise could lead to unauthorized access or data breaches, which may impact compliance with standards and regulations like GDPR and HIPAA that require protection of sensitive data and system integrity.

However, the provided information does not explicitly state the direct effects on compliance with these regulations.
