Skip to content
CVSS 7.3 · HIGH

CVE-2026-7062

A security vulnerability has been detected in Intina47 context-sync up to 2.0.0. This affects an unknown part of the file src/git-integration.ts of the component Git Integration. Such manipulation leads to os command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

Ver en NVD

Análisis

This is an OS command injection vulnerability in context-sync, a niche utility for git integration. While the severity is high and a public exploit exists, the software appears to be an obscure or low-volume package without significant adoption in the broader developer ecosystem.

Severidad

Puntaje: 7.3(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Tipo de falla (CWE): CWE-77CWE-78

EPSS

Probabilidad de explotación (próx. 30 días): 0.0176 (1.8%)
Percentil: 82.7%
EPSS: 2026-05-06

Descripción técnica

A security vulnerability has been detected in Intina47 context-sync up to 2.0.0. This affects an unknown part of the file src/git-integration.ts of the component Git Integration. Such manipulation leads to os command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

Publicada: 26/4/2026, 23:16:21
Última modificación: 29/4/2026, 1:00:01

Referencias

InicioEventosBlogRecursosEquipo