simple-git patches RCE via --config option injection
TL;DR - simple-git option filtering blocked -c but not --config, so attacker-controlled options can re-enable dangerous Git protocols and reach RCE via ext:: clone sources.
What happened
simple-git is a Node.js wrapper that shells out to the git CLI, commonly used anywhere code needs to clone, fetch, or inspect repos.
CVE-2026-6951 is a critical RCE issue caused by an incomplete prior fix: simple-git blocks the -c option, but the equivalent long-form --config is still allowed. If untrusted input can reach the options argument passed to simple-git, an attacker can set protocol.ext.allow=always and then use an ext:: clone source to execute code.
This is a recurring high-leverage failure mode for developer tooling: when untrusted input influences git invocation, you are one parsing gap away from turning “clone a repo” into “run arbitrary commands”, especially in CI and multi-tenant automation.
Who is impacted
- Projects using `simple-git` versions < 3.36.0.
- Highest-risk deployments are those where attacker-controlled inputs can influence `simple-git`'s `options` argument (directly or via higher-level wrappers), particularly in CI/CD, build services, and "import a repo URL" features.
| Item | Source value |
|---|---|
| Affected package | simple-git (npm) |
| Affected versions | < 3.36.0 |
| Severity | CVSS 3.1 9.8 (Critical); CVSS 4.0 9.2 (Critical) |
| Exploit maturity (source) | Proof of Concept |
What to do now
- Follow vendor remediation guidance and upgrade to simple-git 3.36.0 or later, the first release outside the affected range.
"Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE)"
- Inventory where `simple-git` is used and specifically audit call sites that pass an `options` array or build option strings from external inputs (HTTP params, repo metadata, webhook payloads, SCM events).
- Until you are confident you are on a patched version, treat `options` as a high-risk API surface:
  - avoid passing user-controlled values into `options`
  - enforce an allowlist of known-safe flags at the application boundary (not a blocklist)
- If compromise is suspected, review CI and service logs for unexpected `git` invocations and rotate credentials exposed to the affected runtime (deploy keys, tokens, registry credentials).
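The following is an added example written for this advisory; it is not simple-git's own code or the upstream fix. It puts the incomplete pattern described above (a blocklist that rejects `-c` but not `--config`) next to an allowlist filter applied at the application boundary, and adds a clone-source check that refuses `ext::` transports outright. The `ALLOWED_FLAGS` table, `ALLOWED_HOSTS`, `guardedCloneArgs` and the sample inputs are assumptions chosen for illustration, not simple-git defaults.

```javascript
// Added example for this advisory, not simple-git's own code or its fix.
// ALLOWED_FLAGS, ALLOWED_HOSTS and guardedCloneArgs are assumptions for
// illustration; adapt them to what your clone feature actually needs.

// The incomplete pattern: the short "-c" form is rejected, but the long
// "--config" and "--config=key=value" forms are not.
function blocklistPasses(options) {
  return options.every((opt) => !opt.startsWith("-c"));
}

// Flags an "import a repo URL" feature legitimately forwards to clone, each
// with a validator for its value (null = boolean flag, takes no value).
// Everything else is rejected, so "--config", "-c" and any future spelling
// of the same setting never reach git at all.
const ALLOWED_FLAGS = {
  "--depth": (v) => /^[1-9][0-9]{0,3}$/.test(v),
  "--branch": (v) => /^[A-Za-z0-9][A-Za-z0-9._\/-]{0,127}$/.test(v),
  "--single-branch": null,
  "--no-tags": null,
};

// Accepts both "--flag value" and "--flag=value". Accepted options are
// normalised to the single-token form so a value can never be re-read as a
// flag further down the line.
function allowlistFilter(options) {
  const accepted = [];
  const rejected = [];
  for (let i = 0; i < options.length; i++) {
    const opt = options[i];
    const eq = opt.indexOf("=");
    const flag = eq === -1 ? opt : opt.slice(0, eq);
    let value = eq === -1 ? undefined : opt.slice(eq + 1);

    if (!Object.prototype.hasOwnProperty.call(ALLOWED_FLAGS, flag)) {
      rejected.push(opt);
      continue;
    }
    const validate = ALLOWED_FLAGS[flag];
    if (validate === null) {
      // Boolean flag: any attached value is suspicious, refuse it.
      if (value !== undefined) rejected.push(opt);
      else accepted.push(flag);
      continue;
    }
    const consumed = value === undefined;
    if (consumed) value = options[++i]; // take the next token as the value
    if (typeof value !== "string" || !validate(value)) {
      rejected.push(consumed && value !== undefined ? `${opt} ${value}` : opt);
      continue;
    }
    accepted.push(`${flag}=${value}`);
  }
  return { ok: rejected.length === 0, options: accepted, rejected };
}

// Clone sources: only https to a known host, with no embedded credentials.
// "ext::..." has no https scheme and is refused regardless of git's config,
// so even a leaked protocol.ext.allow=always has nothing to act on.
const ALLOWED_HOSTS = new Set(["github.com", "gitlab.com"]); // assumption

function isSafeCloneSource(source) {
  let url;
  try {
    url = new URL(source);
  } catch {
    return false; // scp-like "git@host:path" and local paths do not parse
  }
  return (
    url.protocol === "https:" &&
    ALLOWED_HOSTS.has(url.hostname) &&
    url.username === "" &&
    url.password === ""
  );
}

// Both checks in front of the clone call. The simple-git call itself is
// left as a comment so this file runs offline; it returns what would be passed.
function guardedCloneArgs(source, userOptions) {
  if (!isSafeCloneSource(source)) {
    throw new Error(`refused clone source: ${source}`);
  }
  const result = allowlistFilter(userOptions);
  if (!result.ok) {
    throw new Error(`refused options: ${result.rejected.join(", ")}`);
  }
  // await simpleGit().clone(source, targetDir, result.options);
  return { source, options: result.options };
}

module.exports = { blocklistPasses, allowlistFilter, isSafeCloneSource, guardedCloneArgs };
```

The allowlist consumes the token after a value-taking flag as that flag's value, so `["--depth", "--config=protocol.ext.allow=always"]` is rejected as a bad depth rather than letting `--config=...` stand on its own; the blocklist, by contrast, passes `["--config", "protocol.ext.allow=always"]` untouched, which is exactly the gap the advisory describes.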
Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly, send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.
