CVE-2026-21882 theshit — Exploit & Vulnerability Details HIGH

CVE-2026-21882

HIGH CVSS 3.1: 8.4 EPSS 0.02%

Parameter	Value
CVSS	8.4 (HIGH)
Fixed In	0.2.0
Type	CWE-250, CWE-273, CWE-269 (Improper Privilege Management)
Vendor	theshit
Public PoC	No

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0.

Attack Parameters

Attack Vector

Local

Requires local access

Attack Complexity

Low

Easy to exploit

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-250

CWE-273

CWE-269 Improper Privilege Management

References 2

https://github.com/AsfhtgkDavid/theshit/commit/5293957b119e55212dce2c6dcbaf1d7e…

security-advisories@github.com

https://github.com/AsfhtgkDavid/theshit/security/advisories/GHSA-2j3p-gqw5-g59j

security-advisories@github.com

Share Post Share Share Share

Menu

CVE-2026-21882

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

CVE Details

Editor's Choice

Menu

CVE-2026-21882

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

CVE Details

Editor's Choice

Stay informed on cybersecurity