CVE Vulnerabilities

CVE-2026-41506

Insufficiently Protected Credentials

Published: May 08, 2026 | Modified: Jun 17, 2026
CVSS 3.x
7.4
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
6.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha.2.

Weakness

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Affected Software

NameVendorStart VersionEnd Version
Go-gitGo-git_project*5.18.0 (excluding)
Go-gitGo-git_project6.0.0-alpha1 (including)6.0.0-alpha1 (including)
Red Hat Hardened ImagesRedHatsyft-main-1.44.0-0.3.hum1*
Red Hat Openshift Data Foundation 4.22RedHatodf4/cephcsi-rhel9:1782932114*
Red Hat Openshift Data Foundation 4.22RedHatodf4/cephcsi-rhel9-operator:1782931768*
Red Hat Openshift Data Foundation 4.22RedHatodf4/devicefinder-rhel9:1782932104*
Red Hat Openshift Data Foundation 4.22RedHatodf4/mcg-core-rhel9:1783536000*
Red Hat Openshift Data Foundation 4.22RedHatodf4/mcg-rhel9-operator:1783535989*
Red Hat Openshift Data Foundation 4.22RedHatodf4/ocs-client-console-rhel9:1783536515*
Red Hat Openshift Data Foundation 4.22RedHatodf4/ocs-client-rhel9-operator:1782932521*
Red Hat Openshift Data Foundation 4.22RedHatodf4/ocs-metrics-exporter-rhel9:1783018461*
Red Hat Openshift Data Foundation 4.22RedHatodf4/ocs-rhel9-operator:1783018421*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-blackbox-exporter-rhel9:1782932812*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-cli-rhel9:1783537001*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-cloudnative-pg-rhel9-operator:1782932919*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-console-rhel9:1783537586*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-cosi-sidecar-rhel9:1782932969*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-csi-addons-rhel9-operator:1782933015*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-csi-addons-sidecar-rhel9:1782933042*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-drbd-rhel9:1783537392*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-external-snapshotter-rhel9-operator:1782933235*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-external-snapshotter-sidecar-rhel9:1782933251*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-multicluster-console-rhel9:1783537955*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-multicluster-rhel9-operator:1782933417*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-must-gather-rhel9:1783537742*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-rhel9-operator:1782933602*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odr-rhel9-operator:1783019377*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odr-volsync-plugin-mover-rhel9:1782934054*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odr-volsync-plugin-rhel9-operator:1782934036*
Red Hat Openshift Data Foundation 4.22RedHatodf4/rook-ceph-rhel9-operator:1782934284*
Golang-github-go-git-go-gitUbuntuquesting*

Potential Mitigations

References