Git Large File System (LFS) on Red Hat Systems: Data Exposure

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.5

Git Large File System (LFS) on Red Hat Systems: Data Exposure

RHSA-2026:3973

Summary

Red Hat has released a security update for Git Large File System (LFS) on Red Hat systems. If left unpatched, this issue could potentially allow attackers to access sensitive data. To protect your system, apply the available update as soon as possible.

What to do

Update redhat git-lfs to version 0:2.13.3-3.el8_4.4.
Update redhat git-lfs-debuginfo to version 0:2.13.3-3.el8_4.4.
Update redhat git-lfs-debugsource to version 0:2.13.3-3.el8_4.4.

Affected software

Vendor	Product	Affected versions	Fix available
redhat	git-lfs	<= 0:2.13.3-3.el8_4.4	0:2.13.3-3.el8_4.4
redhat	git-lfs-debuginfo	<= 0:2.13.3-3.el8_4.4	0:2.13.3-3.el8_4.4
redhat	git-lfs-debugsource	<= 0:2.13.3-3.el8_4.4	0:2.13.3-3.el8_4.4
redhat	git-lfs	<= 0:2.13.3-3.el8_4.4	0:2.13.3-3.el8_4.4
redhat	git-lfs-debuginfo	<= 0:2.13.3-3.el8_4.4	0:2.13.3-3.el8_4.4
redhat	git-lfs-debugsource	<= 0:2.13.3-3.el8_4.4	0:2.13.3-3.el8_4.4

Original title

Red Hat Security Advisory: git-lfs security update

osv CVSS3.1 7.5

https://access.redhat.com/errata/RHSA-2026:3973 Vendor Advisory
https://access.redhat.com/security/updates/classification/#important Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2418462 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2434432 Third Party Advisory
https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3973.j... Vendor Advisory
https://access.redhat.com/security/cve/CVE-2025-61726 Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2025-61726 Vendor Advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-61726 Vendor Advisory
https://go.dev/cl/736712 Third Party Advisory
https://go.dev/issue/77101 Third Party Advisory
https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc Third Party Advisory
https://pkg.go.dev/vuln/GO-2026-4341 Vendor Advisory
https://access.redhat.com/security/cve/CVE-2025-61729 Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2025-61729 Vendor Advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-61729 Vendor Advisory
https://go.dev/cl/725920 Third Party Advisory
https://go.dev/issue/76445 Third Party Advisory
https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 Third Party Advisory
https://pkg.go.dev/vuln/GO-2025-4155 Vendor Advisory

Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026