top of page
perceptive_background_267k.jpg

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could …

Published:

27 mei 2026 om 22:00:00

Alert date:

28 mei 2026 om 20:05:25

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure, Enterprise Applications

A vulnerability in Nautobot Network Source of Truth and Network Automation Platform allows users with GitRepository access to manipulate the current_head field via REST API. This unintended functionality can cause local repository clones to checkout incorrect commits, resulting in misleading state or complete repository failure. The issue affects versions prior to 2.4.33 and 3.1.2, potentially disrupting network automation workflows until manual remediation.

Technical details

Mitigation steps:

Affected products:

Nautobot

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-44798
https://github.com/nautobot/nautobot/commit/9deddfc91ad9260ad17b5e20084e9e2d15be3609
https://github.com/nautobot/nautobot/commit/c46f97040b2bde4320be36b23577f19a8bcbd8c3
https://github.com/nautobot/nautobot/releases/tag/v2.4.33
https://github.com/nautobot/nautobot/releases/tag/v3.1.2
https://github.com/nautobot/nautobot/security/advisories/GHSA-p3hx-pwf3-j8wr

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page