CVE-2026-40034 | gitoxide gix-submodule up to 0.81.x Submodule::update command injection

A vulnerability classified as critical was found in gitoxide gix-submodule up to 0.81.x. Affected by this issue is the function Submodule::update. The manipulation of the argument update results in command injection.

This vulnerability is reported as CVE-2026-40034. The attack requires a local approach. No exploit exists.

Upgrading the affected component is advised.VulDB Recent EntriesRead More