A vulnerability was found in degit up to 2.8.5/3.3.0 . It has been rated as critical . The impacted element is the function exec . Performing a manipulation results in os command injection. This vulnerability was named CVE-2026-11572 . The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.