Finding · openhands

Security: Fix CVE-2026-42305 via dulwich upgrade to 1.2.5

What Changed

Updated dulwich library to version 1.2.5 to address CVE-2026-42305 security vulnerability affecting git operations.

Operator Implication

Operators must deploy this security patch to mitigate CVE-2026-42305 exposure in git operations library. Git-based workflows may be affected if vulnerability is exploitable.

Receipt

Commit 3eb16a9 (2026-06-03T17:16:58Z): 'Fix CVE-2026-42305: Update dulwich to 1.2.5 (#14626)' - Git library vulnerability remediation in poetry.lock (enterprise

Finding metadata

Confidence: high
Actionability: test
Accessibility impact: none

Run: 2026-06-03-weekly-digest-2026-05-28_2026-06-03-frontier-v0

Finding ID: 2026-06-03-openhands-cve-2026-42305-dulwich

Accepted signals

Upgrade dulwich to 1.2.5 to close CVE-2026-42305 in git operations · 2026-06-03

Source links

Primary links, including exact changelog lines when available.

OpenHands
commitCommit 3eb16a9 (2026-06-03T17:16:58Z): 'Fix CVE-2026-42305: Update dulwich to 1.2.5 (#14626)' - Git library vulnerability remediation in poetry.lock (enterprise and root directories)github.com/OpenHands/OpenHands/commit/3eb16a9