CVE-2026-21882

HIGH

theshit <0.2.0 - Privilege Escalation

Title source: llm

Description

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0.

References (2)

[Vendor Advisory] https://github.com/AsfhtgkDavid/theshit/security/advisories/GHSA-2j3p-gqw5-g59j

[Patch] https://github.com/AsfhtgkDavid/theshit/commit/5293957b119e55212dce2c6dcbaf1d7eb794602a

View Patch ZIP pw:eip

Scores

CVSS v3 8.4

EPSS 0.0002

EPSS Percentile 5.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-250 CWE-269 CWE-273

Status published

Products (1)

crates.io/theshit 0 - 0.2.0crates.io

Published Mar 02, 2026

Tracked Since Mar 03, 2026