CVE-2026-45046

Source
https://cve.org/CVERecord?id=CVE-2026-45046
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45046.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-45046
Aliases
Published
2026-05-27T18:24:23.410Z
Modified
2026-07-08T08:13:46.909042489Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Gryph Agents Payload Filter Fails to Strip Tool Payload for Sensitive Content
Details

Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive file-write content remains in the stored payload as ContentPreview, OldString, or NewString at the default standard logging level and at full. This leads to logging of potentially sensitive file content in the local sqlite database, violating Gryphs sensitive file filter and log level contracts. This vulnerability is fixed in 0.7.0.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45046.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-212"
    ]
}
References

Affected packages

Git / github.com/safedep/gryph

Affected ranges

Type
GIT
Repo
https://github.com/safedep/gryph
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.7.0"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

v0.*
v0.1.0
v0.1.1
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.2.7
v0.2.8
v0.2.9
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.4.0
v0.5.0
v0.5.1
v0.6.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45046.json"