CVE-2026-22870 in GuardDog

Summary

by MITRE • 01/13/2026

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safe_extract() function does not validate decompressed file sizes when extracting ZIP archives (wheels, eggs), allowing attackers to cause denial of service through zip bombs. A malicious package can consume gigabytes of disk space from a few megabytes of compressed data. This vulnerability is fixed in 2.7.1.


Analysis

by VulDB Data Team • 01/22/2026

The vulnerability identified as CVE-2026-22870 affects GuardDog, a command-line interface tool designed to detect malicious Python Package Index packages. This security flaw resides in the safe_extract() function which is responsible for handling ZIP archive extraction operations including wheel and egg files. The issue represents a classic decompression bomb attack vector where attackers can exploit the lack of size validation during decompression processes to consume excessive system resources.

The technical flaw manifests in the absence of proper file size validation within the safe_extract() function when processing compressed archives. When ZIP files are decompressed, the system should verify that extracted file sizes remain within reasonable bounds relative to their compressed counterparts. However, prior to version 2.7.1, GuardDog failed to implement such checks, allowing malicious actors to craft specially designed ZIP archives that expand to enormous sizes. A few megabytes of compressed data can potentially consume gigabytes of disk space during the extraction process, creating a significant resource exhaustion scenario.

This vulnerability creates a denial of service condition that can severely impact systems running GuardDog. The operational impact extends beyond simple resource exhaustion as it can lead to complete system paralysis when disk space becomes exhausted. Attackers can exploit this weakness by uploading malicious packages to PyPI repositories that contain specially crafted zip bombs, potentially affecting any user who runs GuardDog to scan packages. The vulnerability particularly affects environments with limited storage capacity or automated scanning systems where such resource exhaustion can cascade into broader operational failures.

The fix implemented in version 2.7.1 addresses this issue by introducing proper decompressed file size validation within the safe_extract() function. This remediation aligns with industry best practices for secure decompression operations and follows the principle of least privilege by preventing unbounded resource consumption. Organizations should immediately upgrade to GuardDog version 2.7.1 or later to mitigate this vulnerability. The fix demonstrates the importance of implementing proper input validation and resource limiting mechanisms when handling untrusted archive files, a pattern that aligns with common security guidelines and represents a fundamental defense against archive-based attack vectors.
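As an added illustration (not GuardDog's code and not the 2.7.1 patch), the following Python shows the kind of bounded ZIP extraction the analysis describes. It applies two layers: the sizes declared in the archive's central directory are compared against a total-size limit and a compression-ratio limit before anything is inflated, and the actual decompressed bytes are counted while each member is streamed, so a member whose header under-reports its size is still cut off. The limits, the function names, the `precheck` switch and the sample archives are assumptions constructed for this example.

```python
import io
import os
import tempfile
import zipfile

# Illustrative limits, not the values the GuardDog 2.7.1 fix uses.
MAX_TOTAL_UNCOMPRESSED = 16 * 1024 * 1024   # 16 MiB across the whole archive
MAX_COMPRESSION_RATIO = 100.0               # uncompressed / compressed
CHUNK = 64 * 1024


class ArchiveTooLarge(Exception):
    def __init__(self, reason: str, detail: str):
        super().__init__(f"{reason}: {detail}")
        self.reason = reason


def declared_totals(zf: zipfile.ZipFile) -> tuple[int, int]:
    """Sizes recorded in the central directory: (compressed, uncompressed)."""
    infos = zf.infolist()
    return sum(i.compress_size for i in infos), sum(i.file_size for i in infos)


def safe_extract(archive: bytes, dest: str, max_total: int = MAX_TOTAL_UNCOMPRESSED,
                 max_ratio: float = MAX_COMPRESSION_RATIO, precheck: bool = True) -> int:
    """Extract `archive` into `dest` with bounded output; returns bytes written.

    Layer 1 (precheck) rejects on the sizes the central directory declares,
    before anything is inflated. Layer 2 counts bytes as each member is
    streamed, so a header that under-reports its size is still caught.
    `precheck=False` exists only to exercise layer 2 on its own.
    """
    root = os.path.realpath(dest)
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        if precheck:
            compressed, uncompressed = declared_totals(zf)
            if uncompressed > max_total:
                raise ArchiveTooLarge("declared-size", f"{uncompressed} > {max_total}")
            if compressed and uncompressed / compressed > max_ratio:
                raise ArchiveTooLarge("ratio", f"{uncompressed / compressed:.0f}:1")

        written = 0
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = os.path.realpath(os.path.join(root, info.filename))
            if os.path.commonpath([root, target]) != root:   # zip-slip guard
                raise ValueError(f"member escapes destination: {info.filename}")
            os.makedirs(os.path.dirname(target), exist_ok=True)
            try:
                with zf.open(info) as src, open(target, "wb") as dst:
                    for chunk in iter(lambda: src.read(CHUNK), b""):
                        written += len(chunk)
                        if written > max_total:
                            raise ArchiveTooLarge("actual-size", f"exceeded {max_total}")
                        dst.write(chunk)
            except ArchiveTooLarge:
                os.remove(target)   # do not leave the partial member on disk
                raise
        return written


def build_sample_zip(payload: bytes, name: str = "payload.bin") -> bytes:
    """Constructed sample archive with a single deflated member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def classify(archive: bytes, **limits) -> str:
    """Extract into a throwaway directory; returns 'ok' or the rejection reason."""
    with tempfile.TemporaryDirectory() as d:
        try:
            safe_extract(archive, d, **limits)
            return "ok"
        except ArchiveTooLarge as e:
            return e.reason


# Constructed inputs: 32 MiB of zeros deflates to a few tens of KiB, a stand-in
# for a zip bomb; the benign member is ~1 KiB of low-redundancy bytes.
BOMB = build_sample_zip(b"\0" * (32 * 1024 * 1024))
BENIGN = build_sample_zip(bytes(range(256)) * 4)

if __name__ == "__main__":
    print("benign:", classify(BENIGN))                                          # ok
    print("bomb:", classify(BOMB))                                              # declared-size
    print("bomb, ratio check only:", classify(BOMB, max_total=2**30))           # ratio
    print("bomb, streaming only:", classify(BOMB, precheck=False, max_total=2**20))  # actual-size
```

The declared-size precheck is cheap and catches an honest zip bomb without inflating a byte; the streaming counter is what makes the limit hold when the central directory lies, which is why a bounded extractor needs both rather than trusting `ZipInfo.file_size` alone.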

This vulnerability maps to CWE-400, "Uncontrolled Resource Consumption", and falls under the broader category of resource exhaustion attacks. From an ATT&CK framework perspective, it represents a denial of service technique that can be used to disrupt system availability, potentially enabling more sophisticated attacks through system instability. The vulnerability also connects to defensive practices around secure file handling and the need for resource management controls during decompression. Organizations should also consider monitoring and alerting on unusual disk space consumption as a further layer of defense against similar attacks.

Responsible: GitHub M

Reservation: 01/12/2026

Disclosure: 01/13/2026

Moderation: accepted

CPE: ready

EPSS: 0.00050

KEV: no

Activities: very low
