{"id":"CVE-2026-11968","summary":"Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in TortoiseGit","details":"Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary File Write in TortoiseGit","modified":"2026-07-15T01:49:20.345656974Z","published":"2026-06-24T09:33:49.575Z","database_specific":{"cna_assigner":"GitLab","cwe_ids":["CWE-88"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/11xxx/CVE-2026-11968.json"},"references":[{"type":"WEB","url":"https://tortoisegit.org/issue/4269"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/11xxx/CVE-2026-11968.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-11968"},{"type":"FIX","url":"https://gitlab.com/tortoisegit/tortoisegit/-/commit/7052e3ef61cd104f8a90fb3dcdfb403cbc8c1773"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/tortoisegit/tortoisegit","events":[{"introduced":"e8dfbe47156bef36f03eb876d492120b54c8615d"},{"fixed":"7052e3ef61cd104f8a90fb3dcdfb403cbc8c1773"}],"database_specific":{"extracted_events":[{"introduced":"1.8.10.0"},{"fixed":"2.19.0"}],"source":["AFFECTED_FIELD","REFERENCES"]}}],"versions":["REL_2.18.0.0_EXTERNAL","REL_2.17.0.2_EXTERNAL","REL_2.17.0.1_EXTERNAL","REL_2.17.0.0_EXTERNAL","REL_2.16.0.0_EXTERNAL","REL_2.15.0.0_EXTERNAL","REL_2.14.0.0_EXTERNAL","REL_2.13.0.0_EXTERNAL","REL_2.12.0.0_EXTERNAL","REL_2.11.0.0_EXTERNAL","REL_2.10.0.0_EXTERNAL","REL_2.9.0.0_EXTERNAL","REL_2.8.0.0_EXTERNAL","REL_2.7.0.0_EXTERNAL","REL_2.6.0.0_EXTERNAL","REL_2.5.0.0_EXTERNAL","REL_2.4.0.0_EXTERNAL","REL_2.3.0.0_EXTERNAL","REL_2.2.0.0_EXTERNAL","REL_2.0.0.0_EXTERNAL","REL_1.8.16.0_EXTERNAL","REL_1.8.15.0_EXTERNAL","REL_1.8.14.0_EXTERNAL","REL_1.8.13.0_EXTERNAL","REL_1.8.12.0_EXTERNAL","REL_1.8.10.0_EXTERNAL"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-11968.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}]}