{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/directory-modification/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":5.4,"id":"CVE-2026-45571"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["go-git"],"_cs_severities":["high"],"_cs_tags":["cve","go-git","git","directory modification","code execution"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-45571 is a critical vulnerability affecting the go-git library, a popular Go implementation of Git. This flaw allows a malicious actor to craft a Git repository that, when processed by a vulnerable application using go-git, can modify the \u003ccode\u003e.git\u003c/code\u003e directories of both the main repository and its submodules. This modification could be leveraged to overwrite configuration files, inject malicious Git hooks, or otherwise compromise the integrity of the repository and the system on which it resides. Successful exploitation could lead to arbitrary code execution or sensitive information disclosure. Defenders should prioritize identifying and mitigating applications utilizing vulnerable versions of go-git.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious Git repository containing specially crafted files or symbolic links designed to manipulate \u003ccode\u003e.git\u003c/code\u003e directories.\u003c/li\u003e\n\u003cli\u003eA user or automated system clones or interacts with the malicious repository using a vulnerable version of go-git.\u003c/li\u003e\n\u003cli\u003eThe vulnerable go-git library processes the malicious repository content without proper validation or sanitization.\u003c/li\u003e\n\u003cli\u003eThe crafted content overwrites or modifies configuration files within the main repository\u0026rsquo;s \u003ccode\u003e.git\u003c/code\u003e directory.\u003c/li\u003e\n\u003cli\u003eThe crafted content also propagates to any submodules present, modifying their respective \u003ccode\u003e.git\u003c/code\u003e directories.\u003c/li\u003e\n\u003cli\u003eThe modification of \u003ccode\u003e.git\u003c/code\u003e directories allows the attacker to inject malicious Git hooks (e.g., pre-commit, post-receive).\u003c/li\u003e\n\u003cli\u003eWhen a user performs Git operations (e.g., commit, push, pull), the injected malicious hooks are executed.\u003c/li\u003e\n\u003cli\u003eThe malicious hooks execute arbitrary code, potentially leading to complete system compromise or data exfiltration.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-45571 can have severe consequences. An attacker could gain arbitrary code execution on systems using vulnerable versions of go-git. This could lead to data breaches, system compromise, and denial-of-service attacks. The vulnerability poses a significant risk to organizations that rely on go-git for managing source code, configuration files, or other sensitive data within Git repositories. The lack of specific victim count data makes assessing the total impact difficult, but the wide usage of go-git implies a potentially broad attack surface.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade go-git to a patched version that addresses CVE-2026-45571.\u003c/li\u003e\n\u003cli\u003eImplement the Sigma rule \u0026ldquo;Detect Go-Git .git Directory Modification\u0026rdquo; to detect potential exploitation attempts in real-time.\u003c/li\u003e\n\u003cli\u003eReview and audit existing Git repositories for suspicious files or symbolic links that could be used to exploit this vulnerability.\u003c/li\u003e\n\u003cli\u003eMonitor file system events within \u003ccode\u003e.git\u003c/code\u003e directories using the Sigma rule \u0026ldquo;Detect Git Hook Creation in .git Directory\u0026rdquo; to identify unauthorized modifications.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-28T07:25:12Z","date_published":"2026-05-28T07:25:12Z","id":"https://feed.craftedsignal.io/briefs/2026-05-go-git-dir-mod/","summary":"CVE-2026-45571 is a vulnerability in go-git that allows crafted repositories to modify main and submodule .git directories, potentially leading to arbitrary code execution or information disclosure.","title":"CVE-2026-45571 go-git Crafted Repositories Modify .git Directories","url":"https://feed.craftedsignal.io/briefs/2026-05-go-git-dir-mod/"}],"language":"en","title":"CraftedSignal Threat Feed — Directory Modification","version":"https://jsonfeed.org/version/1.1"}