CVE-2026-22871
Published: 13 January 2026
Description
GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, a path traversal vulnerability in GuardDog's safe_extract() function allows a malicious PyPI package to write arbitrary files outside the intended extraction directory, leading to arbitrary file overwrite and remote code execution on systems running GuardDog. This vulnerability is fixed in 2.7.1.
Mitigating Controls (NIST 800-53 r5) [AI]
- SI-10 Information Input Validation: directly counters the path traversal by requiring that every member path produced during PyPI package extraction is validated to stay under the intended extraction directory. This is the check GuardDog's safe_extract() applies from 2.7.1 onward; an operator obtains it by updating, not by configuration.
- SI-2 Flaw Remediation: mitigates the vulnerability through timely flaw remediation, updating GuardDog to version 2.7.1 or later where the issue is fixed.
- AC-6 Least Privilege: limits the impact of arbitrary file overwrites and the resulting RCE by running the GuardDog scan process with minimal privileges, for example as an unprivileged user whose write access is confined to a scratch directory, so that an escaped write cannot reach critical system areas.
Security Summary [AI]
CVE-2026-22871 is a path traversal vulnerability (CWE-22) in the safe_extract() function of GuardDog, a CLI tool designed to identify malicious PyPI packages. Versions of GuardDog prior to 2.7.1 are affected, allowing malicious PyPI packages to write arbitrary files outside the intended extraction directory during analysis. This flaw enables arbitrary file overwrite and remote code execution on systems running the vulnerable GuardDog instance, with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
The attack vector is the package itself, not a network service: GuardDog is a CLI tool, so the attacker needs no access to the host running it. It is enough to get a vulnerable GuardDog instance to scan an attacker-crafted package, for example by publishing it to PyPI where an automated scanning pipeline will pick it up. When safe_extract() unpacks the archive, a member whose path escapes the extraction directory is written to an attacker-chosen location, which can overwrite critical files or lead to arbitrary code execution on the scanning host. The CVSS vector scores this as network-reachable with no privileges and no user interaction (AV:N/PR:N/UI:N), which is why the flaw is considered highly exploitable in environments where GuardDog scans PyPI packages automatically.
The GuardDog security advisory (GHSA-xg9w-vg3g-6m68) and the fixing commit (9aa6a725b2c71d537d3c18d1c15621395ebb879c) confirm that the issue is resolved in version 2.7.1. Security practitioners should update to GuardDog 2.7.1 or later to mitigate the vulnerability.
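The input-validation check described under Mitigating Controls, exercised against the kind of archive the Security Summary describes, as an added example. This is illustration code written for this page, not GuardDog's safe_extract() and not the fix in commit 9aa6a725b2c71d537d3c18d1c15621395ebb879c. The hostile archive (a "../../evil.py" member and a symlink to /etc) is constructed here to show the CWE-22 pattern and is not taken from any real package; the function names, the sample member names and the sandbox path are assumptions.

```python
"""Illustration of the CWE-22 pre-extraction check a safe_extract() needs.

Example code for this page, not GuardDog's implementation. Archives and
member names below are constructed for the demonstration.
"""
import io
import os
import tarfile
import tempfile
from pathlib import Path
from typing import Optional


def build_tar(files: dict, symlinks: Optional[dict] = None) -> bytes:
    """Build an in-memory tar archive. Member names are written verbatim,
    so a caller can create traversal entries the way a hostile sdist would."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        for name, target in (symlinks or {}).items():
            info = tarfile.TarInfo(name)
            info.type = tarfile.SYMTYPE
            info.linkname = target
            tar.addfile(info)
    return buf.getvalue()


def _inside(base: Path, candidate: Path) -> bool:
    """True if `candidate` normalises to a location under `base`."""
    try:
        candidate.resolve().relative_to(base.resolve())
        return True
    except ValueError:
        return False


def unsafe_members(tar_bytes: bytes, dest: str) -> list:
    """Names of members that would land outside `dest` when extracted.

    Three escape routes are checked: absolute member names, '..' traversal
    in the name, and symlink/hardlink members whose target leaves `dest`.
    """
    base = Path(dest).resolve()
    bad = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for m in tar.getmembers():
            target = base / m.name
            if os.path.isabs(m.name) or not _inside(base, target):
                bad.append(m.name)
                continue
            if m.issym() or m.islnk():
                link = Path(m.linkname)
                if not link.is_absolute():
                    # symlink targets resolve from the member's own directory,
                    # hardlink targets from the archive root
                    link = (target.parent if m.issym() else base) / link
                if not _inside(base, link):
                    bad.append(m.name)
    return bad


def safe_extract(tar_bytes: bytes, dest: str) -> list:
    """Extract only if every member stays under `dest`; raise before writing anything otherwise."""
    bad = unsafe_members(tar_bytes, dest)
    if bad:
        raise ValueError(f"refusing to extract, traversal members: {bad}")
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        tar.extractall(dest)  # every member was validated above
        return [m.name for m in tar.getmembers()]


# Constructed sample archives (assumed layout of a minimal sdist).
BENIGN = build_tar({
    "pkg-1.0/setup.py": b"from setuptools import setup\nsetup(name='pkg')\n",
    "pkg-1.0/pkg/__init__.py": b"",
})
# Hostile: one member climbs out of the sandbox, one symlink points at /etc.
HOSTILE = build_tar(
    {"pkg-1.0/setup.py": b"", "../../evil.py": b"print('owned')\n"},
    symlinks={"pkg-1.0/lib": "/etc"},
)


def demo() -> dict:
    """Extract the benign archive and refuse the hostile one in a fresh scratch directory."""
    with tempfile.TemporaryDirectory() as sandbox:
        extracted = safe_extract(BENIGN, sandbox)
        unsafe = unsafe_members(HOSTILE, sandbox)
        try:
            safe_extract(HOSTILE, sandbox)
            refused = False
        except ValueError:
            refused = True
        written = sorted(str(p.relative_to(sandbox))
                         for p in Path(sandbox).rglob("*") if p.is_file())
    return {"extracted": extracted, "unsafe": unsafe, "refused": refused, "written": written}


if __name__ == "__main__":
    print(demo())
```

Running the module extracts the benign archive and refuses the hostile one before a single byte is written. On Python 3.12 and later (and the maintenance releases the feature was backported to), the standard library offers the same protection through tarfile extraction filters, `tar.extractall(dest, filter="data")`, which rejects members and links that escape the destination; the explicit pre-check above makes the rejection reason visible and works on older interpreters.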
Details
- CWE(s): CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal')
- Affected Products: GuardDog versions prior to 2.7.1 (fixed in 2.7.1)
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
Path traversal vulnerability in the client-side GuardDog tool enables unauthenticated remote code execution and arbitrary file writes when extracting malicious PyPI packages.