CVE-2026-22871 in guarddoginformação

Sumário

de MITRE • 13/01/2026

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, there is a path traversal vulnerability exists in GuardDog's safe_extract() function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite and Remote Code Execution on systems running GuardDog. This vulnerability is fixed in 2.7.1.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

GitHub M

Reservar

12/01/2026

Divulgação

13/01/2026

Moderação

aceite

Entrada

VDB-340928

CPE

pronto

CWE

CWE-22 (confirmado)

CVSS

9.8 (NVD)

EPSS

0.00236

KEV

não

Atividades

muito baixo

Sector

Lawfirm, Energy, ...

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-22871
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-22871
CVE Details	https://www.cvedetails.com/cve/CVE-2026-22871/

◂ Voltar Visão Geral Próximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!