Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
Git LFS on Red Hat Systems Allows Unauthorized File Access
RHSA-2026:3985
Summary
A security update is available for Git Large File Storage (LFS) on Red Hat systems. This update fixes a vulnerability that could allow an attacker to access files they shouldn't have access to. To stay protected, ensure you apply the latest update to your Git LFS installation.
What to do
- Update redhat git-lfs to version 0:3.4.1-8.el8_10.
- Update redhat git-lfs-debuginfo to version 0:3.4.1-8.el8_10.
- Update redhat git-lfs-debugsource to version 0:3.4.1-8.el8_10.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| redhat | git-lfs | <= 0:3.4.1-8.el8_10 | 0:3.4.1-8.el8_10 |
| redhat | git-lfs-debuginfo | <= 0:3.4.1-8.el8_10 | 0:3.4.1-8.el8_10 |
| redhat | git-lfs-debugsource | <= 0:3.4.1-8.el8_10 | 0:3.4.1-8.el8_10 |
Original title
Red Hat Security Advisory: git-lfs security update
osv CVSS3.1
7.5
- https://access.redhat.com/errata/RHSA-2026:3985 Vendor Advisory
- https://access.redhat.com/security/updates/classification/#important Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2434432 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2437111 Third Party Advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3985.j... Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2025-61726 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-61726 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-61726 Vendor Advisory
- https://go.dev/cl/736712 Third Party Advisory
- https://go.dev/issue/77101 Third Party Advisory
- https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc Third Party Advisory
- https://pkg.go.dev/vuln/GO-2026-4341 Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2025-68121 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-68121 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-68121 Vendor Advisory
- https://go.dev/cl/737700 Third Party Advisory
- https://go.dev/issue/77217 Third Party Advisory
- https://groups.google.com/g/golang-announce/c/K09ubi9FQFk Third Party Advisory
- https://pkg.go.dev/vuln/GO-2026-4337 Vendor Advisory
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026