Version: v1.1.x

CVE-2026-44973

CVE Details

Visit the official vulnerability details page for CVE-2026-44973 to learn more.

Initial Publication

05/28/2026

Last Update

05/29/2026

Third Party Dependency

github.com/go-git/go-billy/v5

NIST CVE Summary

Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, multiple path traversal issues exist across different components of go-billy. Insufficient path sanitization and boundary enforcement may allow crafted paths (e.g., using ..) to escape intended base directories. While go-billy was not originally designed to provide a strong security boundary, some of these issues were inconsistent across some of the built-in implementations. This results in scenarios where applications relying on go-billy for some level of isolation may inadvertently expose access to unintended filesystem locations. This vulnerability is fixed in 5.9.0.

CVE Severity

8.1

Our Official Summary

Investigation is ongoing to determine how this vulnerability affects our products.

Status

Deferred

Affected Products & Versions

Version	PaletteAI	PaletteAI VerteX
1.1.5	⚠️ Impacted	⚠️ Impacted
1.0.7	⚠️ Impacted	⚠️ Impacted

Revision History

No revisions available.

CVE Details​

Initial Publication​

Last Update​

Third Party Dependency​

NIST CVE Summary​

CVE Severity​

Our Official Summary​

Status​

Affected Products & Versions​

Revision History​