CVE-2026-33762

CVE Details

Visit the official vulnerability details page for CVE-2026-33762 to learn more.

Initial Publication

03/31/2026

Last Update

04/02/2026

Third Party Dependency

github.com/go-git/go-git/v5

NIST CVE Summary

go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an out-of-bounds slice operation, resulting in a runtime panic during normal index parsing. This issue only affects Git index format version 4. Earlier formats (go-git supports only v2 and v3) are not vulnerable to this issue. This issue has been patched in version 5.17.1.

CVE Severity

2.8

Our Official Summary

Investigation is ongoing to determine how this vulnerability affects our products.

Status

Analyzed

Affected Products & Versions

Version	PaletteAI	PaletteAI VerteX
1.1.0-rc.1	⚠️ Impacted	⚠️ Impacted
1.0.4	⚠️ Impacted	⚠️ Impacted

Revision History

No revisions available.

CVE Details​

Initial Publication​

Last Update​

Third Party Dependency​

NIST CVE Summary​

CVE Severity​

Our Official Summary​

Status​

Affected Products & Versions​

Revision History​