What is CVE-2026-11572?

CVE-2026-11572 is a high-severity vulnerability, classified under OS Command Injection. CVSS score: 8.8/10. Published 2026-06-09.

How severe is CVE-2026-11572?

High severity. CVSS v3 base score is 8.8 out of 10.

CVE-2026-11572

CVE-2026-11572

Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command Injection due to improper sanitisation of user input for git shell commands directly invoked with exec() method by _cloneWithGit() and fetchR…

Vulnerability class: Command Injection (OS Command Injection)

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Weakness classification (CWE)

CWE-78 — OS Command Injection
CWE-77 — Command Injection

References

report@snyk.io
report@snyk.io
report@snyk.io
report@snyk.io

Frequently asked questions

What is CVE-2026-11572?: CVE-2026-11572 is a high-severity vulnerability, classified under OS Command Injection. CVSS score: 8.8/10. Published 2026-06-09.
How severe is CVE-2026-11572?: High severity. CVSS v3 base score is 8.8 out of 10.