CVE-2026-27113
📋 TL;DR
This vulnerability in Liquid Prompt allows arbitrary command injection when users navigate to directories containing Git repositories with malicious branch names. Only users running the master branch with specific configurations are affected - no stable releases contain the vulnerable code. Attackers can execute arbitrary commands when the shell prompt renders.
💻 Affected Systems
- Liquid Prompt
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise via arbitrary command execution with the privileges of the logged-in user, potentially leading to lateral movement, data exfiltration, or persistence establishment.
Likely Case
Limited command execution in user context when navigating to attacker-controlled Git repositories, potentially leading to local privilege escalation or credential theft.
If Mitigated
No impact if proper controls are in place, as exploitation requires specific non-default configurations.
🎯 Exploit Status
Exploitation requires social engineering or local access to create a malicious Git repository with a crafted branch name containing shell syntax such as '$(...)' or backticks.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Master branch commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c
Vendor Advisory: https://github.com/liquidprompt/liquidprompt/security/advisories/GHSA-q6hm-vf4f-47jf
Restart Required: No
Instructions:
1. Update to the latest master branch: run 'git pull origin master' in the liquidprompt directory.
2. Source the updated prompt in your shell configuration.
3. No shell restart needed - changes apply to new terminal sessions.
🔧 Temporary Workarounds
Disable gitstatusd integration
Set LP_ENABLE_GITSTATUSD to 0 to disable the vulnerable component:
export LP_ENABLE_GITSTATUSD=0
Add 'export LP_ENABLE_GITSTATUSD=0' to your shell configuration file (~/.bashrc, ~/.zshrc, etc.)
🧯 If You Can't Patch
- Disable LP_ENABLE_GITSTATUSD by setting it to 0 in shell configuration
- Avoid using Git repositories from untrusted sources or with unknown branch names
🔍 How to Verify
Check if Vulnerable:
Check whether you are running the master branch at a commit between the vulnerable commits: run 'cd ~/.liquidprompt && git log --oneline | head -20' and look for commits between cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c
Check Version:
cd ~/.liquidprompt && git log --oneline | head -1
Verify Fix Applied:
Verify you have commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c or later: 'cd ~/.liquidprompt && git log --oneline | head -5'
📡 Detection & Monitoring
Log Indicators:
- Unusual shell commands executed from prompt context
- Git operations on repositories with suspicious branch names
Network Indicators:
- None - local exploitation only
SIEM Query:
Process execution where parent process is shell and command contains suspicious patterns from prompt rendering
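As an added example (not code from the Liquid Prompt project or this advisory), the following screens a repository's branch names for the shell syntax described above before anyone changes into the checkout, which supports both the "avoid repositories with unknown branch names" workaround and the "suspicious branch names" indicator. The function names, the ordering of patterns and the sample branch list are constructed for this example.

```python
import re
import subprocess
from typing import List, Tuple

# Shell syntax that a prompt rendering a branch name without proper quoting
# would interpret. Order matters: the first matching pattern is the reason.
SUSPICIOUS = [
    ("command substitution $(...)", re.compile(r"\$\(")),
    ("backtick substitution", re.compile(r"`")),
    ("parameter expansion ${...}", re.compile(r"\$\{")),
    ("command separator or redirection", re.compile(r"[;&|<>]")),
]


def audit_branch_names(ref_names: List[str]) -> List[Tuple[str, str]]:
    """Return (branch, reason) for every ref name carrying shell-interpretable syntax."""
    findings = []
    for name in ref_names:
        for reason, pattern in SUSPICIOUS:
            if pattern.search(name):
                findings.append((name, reason))
                break  # one reason per branch is enough to refuse it
    return findings


def list_ref_names(repo_dir: str) -> List[str]:
    """Enumerate local and remote branch names without checking anything out."""
    out = subprocess.run(
        ["git", "-C", repo_dir, "for-each-ref", "--format=%(refname:short)",
         "refs/heads", "refs/remotes"],
        capture_output=True, text=True, check=True,
    ).stdout
    return [line for line in out.splitlines() if line]


def repo_is_safe_to_enter(repo_dir: str) -> bool:
    """True when no branch in the repository at repo_dir trips the audit."""
    return not audit_branch_names(list_ref_names(repo_dir))


# Constructed sample ref names (all valid per git check-ref-format), not from any real repo.
SAMPLE_REFS = ["main", "feature/login-2", "origin/main",
               "fix$(id)", "hotfix-`id`", "release;id"]

if __name__ == "__main__":
    for branch, reason in audit_branch_names(SAMPLE_REFS):
        print(f"REFUSE {branch!r}: {reason}")
```

Run repo_is_safe_to_enter on a freshly cloned directory before cd'ing into it with a Git-aware prompt enabled; a non-empty audit result is the moment to stop and inspect the clone.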