CVE-2026-22871
- Source
- https://cve.org/CVERecord?id=CVE-2026-22871
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22871.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-22871
- Aliases
- Published
- 2026-01-13T20:46:57.324Z
- Modified
- 2026-03-01T02:56:23.287212Z
- Severity
-
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE
- Details
-
GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, there is a path traversal vulnerability exists in GuardDog's safe_extract() function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite and Remote Code Execution on systems running GuardDog. This vulnerability is fixed in 2.7.1.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-22" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22871.json" }- References
Affected packages
Git / github.com/datadog/guarddog
Affected ranges
- Type
- GIT
- Repo
- https://github.com/datadog/guarddog
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.0.1
v0.0.2
v0.0.3
v0.1.0
v0.1.1
v0.1.10
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.10.0
v1.10.1
v1.11.0
v1.11.1
v1.11.2
v1.2
v1.2.1
v1.3.0
v1.4.0
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.5.6
v1.5.7
v1.5.8
v1.6.0
v1.7.0
v1.8.0
v1.8.1
v1.8.2
v1.9.0
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.1.0
v2.2.0
v2.3.0
v2.4.0
v2.5.0
v2.6.0
v2.7.0