Arbitrary File Write and RCE in Dulwich on Windows via malicious Git tree paths
CVE-2026-42305 is an arbitrary file write vulnerability in Dulwich, the pure-Python Git implementation, affecting versions starting with 0.10.0 and prior to 1.2.5. The flaw is in the validation of Git tree entry path elements during clone, fetch, or checkout on Windows. Dulwich's NTFS path-element validator accepted filenames containing bytes and patterns that are benign on POSIX but that Windows interprets as structural path syntax or special filesystem semantics. The validator, validate_path_element_ntfs, did not adequately reject Windows path separators, the alternate data stream marker :, NTFS 8.3 short-name aliases of .git such as git~<digits>, and reserved Windows device names. As a result, a crafted repository tree could cause files to be written inside .git or outside the intended work tree when materialized on Windows. The issue was compounded by configuration bugs: core.protectNTFS and core.protectHFS were read under incorrect option names, so user-supplied values were silently ignored, and core.protectNTFS defaulted to true only on Windows rather than on all platforms. The vulnerability can lead to remote code execution because a malicious repository can plant executable content such as hook files under .git\hooks, which may later be executed by Git for Windows or related workflows.
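The four classes of name listed above can be checked per path element before a tree is materialized on Windows. The following is an added example, not Dulwich's code or its fix; the function names and sample paths are constructed, and the handling of trailing dots/spaces and of device names with extensions is an assumption that goes slightly beyond what the page lists.

```python
import re
from typing import Optional

# Constructed rules for the classes of name described above; not Dulwich's code.
_DEVICE = re.compile(rb"con|prn|aux|nul|com[1-9]|lpt[1-9]")
_SHORT_GIT = re.compile(rb"git~[0-9]+")


def ntfs_element_problem(element: bytes) -> Optional[str]:
    """Return why one tree-entry name is unsafe on Windows, or None if clean."""
    if b"\\" in element or b"/" in element:
        return "path separator"
    if b":" in element:
        return "alternate data stream marker"
    # Assumption beyond the page: Win32 drops trailing dots and spaces,
    # so ".git." or "GIT~1 " resolve to the same directory entry.
    name = element.rstrip(b". ").lower()
    if name == b".git" or _SHORT_GIT.fullmatch(name):
        return ".git or its 8.3 short-name alias"
    # Assumption beyond the page: device names stay reserved with an
    # extension ("NUL.txt"), so compare only the part before the first dot.
    if _DEVICE.fullmatch(name.split(b".", 1)[0].rstrip(b" ")):
        return "reserved device name"
    return None


def audit_tree_paths(paths):
    """Check every '/'-separated element of each tree path; list the findings."""
    findings = []
    for path in paths:
        for element in path.split(b"/"):
            reason = ntfs_element_problem(element)
            if reason:
                findings.append((path, element, reason))
                break
    return findings


# Constructed sample: full paths as they would appear when walking a tree.
SAMPLE_PATHS = [
    b"src/main.py", b"docs/GIT~1/hooks/pre-commit",
    b"a\\b.txt", b"notes.txt:stream",
    b"build/NUL.txt", b".github/workflows/ci.yml",
]

if __name__ == "__main__":
    for path, element, reason in audit_tree_paths(SAMPLE_PATHS):
        print(f"{path!r}: element {element!r} -> {reason}")
```

Names such as .github and common pass, because the checks match whole elements rather than prefixes.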
Impact, mitigation & remediation
What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.
Impact
What an attacker gets, and what they’ve been doing with it.
.git\hooks or escape the work tree using Windows-interpreted path syntax. This can result in remote code execution if executable hook files or other attacker-controlled content are placed in locations that are later executed or trusted by Git tooling. The impact also includes integrity compromise of the local repository and potential propagation risk, because a malicious tree created or republished from POSIX can later affect Windows consumers even if POSIX systems are not directly exploitable.
Mitigation
If you can’t patch tonight, do this now.
core.protectNTFS=true does not mitigate the issue because the configuration key was silently ignored. Organizations unable to upgrade should avoid cloning, fetching, or checking out untrusted repositories with Dulwich on Windows, including via the Dulwich CLI, porcelain.clone, or downstream tools built on Dulwich.
Remediation
Patch, then assume compromise.
validate_path_element_ntfs to reject Windows path separators, alternate data stream markers, NTFS 8.3 short-name aliases of .git, and reserved Windows device names. It also corrects handling of the core.protectNTFS and core.protectHFS configuration options and changes core.protectNTFS to default to true on every platform. After upgrading, no additional configuration is required for the NTFS validator to be enabled by default.
Exploits
No public exploits tracked yet. Mallory keeps watching.
No public exploit code observed for this vulnerability.
Recent activity
8 sources tracked across advisories and community write-ups. News coverage will land here when it surfaces.
No news coverage yet. Advisories and community discussion only.