Cyber Resilience

CVE-2026-7062

Medium

Published: 26 April 2026

Published
26 April 2026
Modified
29 April 2026
KEV Added
Patch
CVSS Score v4 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0171 82.8th percentile
Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-7062 is a medium-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 17.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

A security vulnerability has been detected in Intina47 context-sync up to version 2.0.0 within the Git Integration component, specifically in the file src/git-integration.ts. The flaw permits OS command injection through improper handling of inputs, as indicated by the associated CWEs 77 and 78, and carries a CVSS 4.0 score of 5.5 reflecting network-accessible impact on confidentiality, integrity, and availability without requiring authentication or user interaction.

The vulnerability can be exploited remotely by unauthenticated attackers who supply crafted input to trigger arbitrary operating system commands on the affected system. A public exploit has already been disclosed, enabling potential unauthorized execution of commands via the Git integration path.

The listed references consist of the project's GitHub repository, an associated issue report, a separate public exploit disclosure, and Vuldb entries, but contain no explicit details on patches or mitigation steps. The EPSS score remains essentially flat between a current value of 0.0171 and a peak of 0.0176.

EU & UK References

Vulnerability details

A security vulnerability has been detected in Intina47 context-sync up to 2.0.0. This affects an unknown part of the file src/git-integration.ts of the component Git Integration. Such manipulation leads to os command injection. The attack can be executed remotely. The…

more

exploit has been disclosed publicly and may be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

OS command injection in a network-accessible Git Integration component directly enables remote arbitrary command execution, mapping to exploitation of public-facing applications (T1190) and command/scripting interpreter (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-59736Shared CWE-77, CWE-78
CVE-2025-44015Shared CWE-77, CWE-78
CVE-2025-59740Shared CWE-77, CWE-78
CVE-2026-4585Shared CWE-77, CWE-78
CVE-2026-7698Shared CWE-77, CWE-78
CVE-2026-1544Shared CWE-77, CWE-78
CVE-2025-1536Shared CWE-77, CWE-78
CVE-2025-15501Shared CWE-77, CWE-78
CVE-2026-9452Shared CWE-77, CWE-78
CVE-2026-4170Shared CWE-77, CWE-78

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely patching of known flaws like CVE-2026-7062 to eliminate the OS command injection vulnerability in the Git Integration component.

prevent

Implements input validation at entry points to block malicious payloads that enable OS command injection in src/git-integration.ts.

detect

Enables monitoring for indicators of OS command injection attacks, such as anomalous command executions from the vulnerable Git Integration component.

References