VDB
GHSA-xgxp-f695-6vrp
GHSA-xgxp-f695-6vrp
PUBLISHED
CVSS 7.099999904632568 HIGH
In Soft Serve, an authenticated repo import can clone server-local private repositories
Risk Scores
CVSS 4.0
7.099999904632568
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | charmbracelet/soft-serve | = 0.6.0,, 0.11.6, 0.6.0 |
Timeline
- Mar 19, 2026 CVE Published
- Mar 27, 2026 CVE Updated
- Mar 30, 2026 Security Advisory
References
- https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-xgxp-f695-6vrp url
- https://nvd.nist.gov/vuln/detail/CVE-2026-33353 advisory
- https://github.com/charmbracelet/soft-serve/commit/c147421caf234bcfc1570c79d728ecbbe5813e55 url
- https://github.com/charmbracelet/soft-serve package
- https://github.com/charmbracelet/soft-serve/releases/tag/v0.11.6 url
- In Soft Serve, an authenticated repo import can clone server-local private repositories advisory