top of page
perceptive_background_267k.jpg

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could …

Published:

27 mei 2026 om 22:00:00

Alert date:

28 mei 2026 om 19:09:38

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure, Web Technologies

A vulnerability in Nautobot Network Source of Truth and Network Automation Platform allows users with GitRepository record access to improperly modify the current_head field via REST API. This unintended user-editable field could cause local repository clones to checkout incorrect commits, resulting in misleading state or complete repository unusability. The vulnerability affects versions prior to 2.4.33 and 3.1.2, and has been fixed in these releases.

Technical details

Mitigation steps:

Affected products:

Nautobot

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-44798
https://github.com/nautobot/nautobot/commit/9deddfc91ad9260ad17b5e20084e9e2d15be3609
https://github.com/nautobot/nautobot/commit/c46f97040b2bde4320be36b23577f19a8bcbd8c3
https://github.com/nautobot/nautobot/releases/tag/v2.4.33
https://github.com/nautobot/nautobot/releases/tag/v3.1.2
https://github.com/nautobot/nautobot/security/advisories/GHSA-p3hx-pwf3-j8wr

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page