CVE-2026-21882

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0.

CVSS v3 8.4 HIGH

8.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/AsfhtgkDavid/theshit/commit/5293957b119e55212dce2c6dcbaf1d7eb794602a
https://github.com/AsfhtgkDavid/theshit/security/advisories/GHSA-2j3p-gqw5-g59j

Configurations

No configuration.

History

15 Apr 2026, 15:42

Type	Values Removed	Values Added
Summary		(es) theshit es una utilidad de línea de comandos que detecta y corrige automáticamente errores comunes en comandos de shell. Antes de la versión 0.2.0, una caída de privilegios inadecuada permite la escalada de privilegios local mediante la reejecución de comandos. Este problema ha sido parcheado en la versión 0.2.0.

02 Mar 2026, 20:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-02 20:16

Updated : 2026-04-15 15:42

NVD link : CVE-2026-21882

Mitre link : CVE-2026-21882

CVE.ORG link : CVE-2026-21882

JSON object : View

Products Affected

No product.

CWE

CWE-250

Execution with Unnecessary Privileges

CWE-269

Improper Privilege Management

CWE-273

Improper Check for Dropped Privileges

8.4 /10