PYSEC-2026-1430

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/guarddog/PYSEC-2026-1430.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1430
Aliases
Published
2026-07-07T16:03:18.620405Z
Modified
2026-07-07T17:47:38.871040180Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE
Details

Summary

A path traversal vulnerability exists in GuardDog's safe_extract() function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite and Remote Code Execution on systems running GuardDog.

CWE: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory)

Details

Vulnerable Code

File: guarddog/utils/archives.py

elif zipfile.is_zipfile(source_archive):
    with zipfile.ZipFile(source_archive, "r") as zip:
        for file in zip.namelist():
            # Note: zip.extract cleans up any malicious file name
            # such as directory traversal attempts This is not the
            # case of zipfile.extractall
            zip.extract(file, path=os.path.join(target_directory, file))  # ❌ VULNERABLE

Root Cause

The comment about zip.extract() fooled me at first :) then I noticed the os.path.join() call. The vulnerability stems from incorrect usage of Python's zipfile.ZipFile.extract() API:

  • The path parameter should be the target directory, not a full file path
  • extract() automatically appends the member name to the path
  • By passing os.path.join(target_directory, file), GuardDog causes the filename to be appended twice
  • This breaks zipfile's built-in path traversal sanitization

Attack Vector

  1. Attacker creates malicious wheel with path traversal filenames
  2. Uploads to PyPI or distributes directly
  3. Package scan: guarddog pypi scan malicious-pkg
  4. GuardDog downloads and extracts the package
  5. Malicious files written to arbitrary locations
  6. Code execution could be achieved

Impact

Impact depends on how GuardDog is running and under which environment.

Critical Scenarios

  1. Immediate Code Execution

    • Write to ~/.bashrc → executes on next shell
    • Write to ~/.profile → executes on login
  2. Persistent Backdoors

    • Write to ~/.ssh/authorized_keys → SSH access
    • Write to /etc/cron.d/malicious → scheduled execution (if root)
    • Write to systemd user services → persistent execution

and more...

Credits

Reported by: Charbel (dwbruijn)

References

Affected packages

PyPI / guarddog

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.1

Affected versions

0.*
0.1.1
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9
0.1.10
1.*
1.0.0
1.0.1
1.0.2
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.2
1.2.1
1.3.0
1.4.0
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.6.0
1.7.0
1.8.0
1.8.1
1.8.2
1.9.0
1.10.0
1.10.1
1.11.0
1.11.1
1.11.2
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.1.0
2.2.0
2.3.0
2.4.0
2.5.0
2.6.0
2.7.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/guarddog/PYSEC-2026-1430.yaml"