{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7062", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-26T07:07:18.190Z", "datePublished": "2026-04-26T22:15:12.951Z", "dateUpdated": "2026-04-27T20:13:34.907Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-26T22:15:12.951Z"}, "title": "Intina47 context-sync Git Integration git-integration.ts os command injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-78", "lang": "en", "description": "OS Command Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "Command Injection"}]}], "affected": [{"vendor": "Intina47", "product": "context-sync", "versions": [{"version": "2.0", "status": "affected"}], "modules": ["Git Integration"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in Intina47 context-sync up to 2.0.0. This affects an unknown part of the file src/git-integration.ts of the component Git Integration. Such manipulation leads to os command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-26T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-26T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-26T09:12:22.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "MidA (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/359637", "name": "VDB-359637 | Intina47 context-sync Git Integration git-integration.ts os command injection", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/359637/cti", "name": "VDB-359637 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/798614", "name": "Submit #798614 | Intina47 context-sync 2.0.0 OS Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Intina47/context-sync/issues/31", "tags": ["issue-tracking"]}, {"url": "https://github.com/wing3e/public_exp/issues/22", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/Intina47/context-sync/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-27T20:13:09.246686Z", "id": "CVE-2026-7062", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T20:13:34.907Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "Intina47 context-sync Git Integration git-integration.ts os command injection", "credits": [{"lang": "en", "type": "reporter", "value": "MidA (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "Intina47", "modules": ["Git Integration"], "product": "context-sync", "versions": [{"status": "affected", "version": "2.0"}]}], "timeline": [{"lang": "en", "time": "2026-04-26T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-26T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-26T09:12:22.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/359637", "name": "VDB-359637 | Intina47 context-sync Git Integration git-integration.ts os command injection", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/359637/cti", "name": "VDB-359637 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/798614", "name": "Submit #798614 | Intina47 context-sync 2.0.0 OS Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Intina47/context-sync/issues/31", "tags": ["issue-tracking"]}, {"url": "https://github.com/wing3e/public_exp/issues/22", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/Intina47/context-sync/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in Intina47 context-sync up to 2.0.0. This affects an unknown part of the file src/git-integration.ts of the component Git Integration. Such manipulation leads to os command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "OS Command Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "Command Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-26T22:15:12.951Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-7062", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-27T20:13:09.246686Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-04-27T20:13:29.309Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-7062", "state": "PUBLISHED", "dateUpdated": "2026-04-26T22:15:12.951Z", "dateReserved": "2026-04-26T07:07:18.190Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-26T22:15:12.951Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in Intina47 context-sync up to 2.0.0. This affects an unknown part of the file src/git-integration.ts of the component Git Integration. Such manipulation leads to os command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used."}], "id": "CVE-2026-7062", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-26T23:16:21.093", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/Intina47/context-sync/"}, {"source": "cna@vuldb.com", "url": "https://github.com/Intina47/context-sync/issues/31"}, {"source": "cna@vuldb.com", "url": "https://github.com/wing3e/public_exp/issues/22"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/798614"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/359637"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/359637/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}, {"lang": "en", "value": "CWE-78"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "2.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "context-sync", "source": "cna", "vendor": "Intina47"}, "product": "context-sync", "vendor": "intina47"}], "analysis": {"en": {"generated_at": "2026-04-28T05:03:08.364250+00:00", "value": {"mitigation_remediation": ["Upgrade Intina47 context-sync to the latest release that contains the fix for the Git Integration command injection.", "If upgrade is not immediately possible, remove or disable the Git Integration feature or any command execution paths that accept untrusted input.", "Validate and sanitize all inputs that reach OS command execution and avoid directly passing user\u2011controlled strings to the shell."], "summary": {"action": "Apply Patch", "impact": "Remote OS command execution"}, "threat_synthesis": {"affected_systems": "Affected systems include all deployments of Intina47 context-sync with versions 1.x through 2.0.0, regardless of environment, as the vulnerable code path is present in the component named Git Integration. The component is available in the open\u2011source repository and may be used in web applications, CI/CD pipelines, or services that interact with Git repositories. Any installation that relies on the unpatched source code is vulnerable.", "description_and_impact": "A remote attacker can exploit unsanitized user input in the Git Integration component of Intina47 context-sync to inject arbitrary operating\u2011system commands. The flaw resides in src/git\u2011integration.ts and is classified as CWE\u201177 and CWE\u201178. Successful exploitation would allow the attacker to execute arbitrary commands on the host running the application, potentially compromising confidentiality, integrity, and availability of the affected system. The vulnerability impacts all versions of Intina47 context-sync up to 2.0.0.", "risk_and_exploitability": "The CVSS base score of 6.9 indicates a medium to high severity. The EPSS score is less than 1%, suggesting a low current exploitation probability, and the issue is not listed in the CISA KEV catalog. Because the attack can be performed remotely through manipulated input, the risk is elevated for exposed interfaces. However, exploitation requires that the vulnerable Git Integration module is in use and that the application runs with sufficient privileges to execute system commands. Mitigations such as disabling shell execution or updating to a patched release lower the risk substantially."}}}}, "created": "2026-04-27T19:51:52.831138+00:00", "updated": "2026-04-28T05:15:22.935303+00:00", "vendors": ["intina47", "intina47$PRODUCT$context-sync"]}