Critical Remote Code Execution Vulnerability in GitBucket Disclosed

Critical Remote Code Execution Vulnerability in GitBucket Disclosed

First seen 18 May 2026, 11:20 UTC Lyrie.AiCve.Toolsgithub.comcveawg.mitre.org 87% similarity 76.5

Article Content

Browse articles
ThreatCluster

A critical vulnerability (CVE-2018-25332) has been identified in GitBucket version 4.23.1, allowing unauthenticated remote code execution. Attackers can exploit weak secret token generation and insecure file upload functionality to execute arbitrary commands. The attack vector involves brute-forcing the Blowfish encryption key and uploading malicious JAR plugins via the git-lfs endpoint. This vulnerability has been validated by three independent sources prior to publication. Organizations using GitBucket are urged to assess their systems for this vulnerability. The flaw was published on May 17, 2026, and poses a significant risk to affected users.

Key Points: • CVE-2018-25332 allows unauthenticated remote code execution in GitBucket 4.23.1. • Attackers can exploit weak token generation and insecure file uploads to execute commands. • Three independent sources confirmed the vulnerability before its public disclosure.

ThreatCluster AI

Timeline

2026-05-17
CVE-2018-25332 published
GitBucket 4.23.1 vulnerability disclosed, enabling remote code execution through weak token generation.
Lyrie.Ai
2026-05-17
Vulnerability confirmed by multiple sources
Three independent sources validated the existence and severity of the vulnerability before publication.
Cve.Tools

Community

Browse all →