PatchSiren cyber security CVE debrief
CVE-2026-44971 DataDog CVE debrief
GuardDog, a CLI tool for identifying malicious PyPI packages, contains a critical vulnerability in its programmatic remote project scanning functionality from versions 1.0.0 to 2.9.0. The flaw stems from improper handling of attacker-controlled repository URLs through blind string replacement, combined with the transmission of the caller's GitHub credentials alongside the modified request. This enables Server-Side Request Forgery (SSRF) attacks and credential exfiltration, specifically targeting the GH_TOKEN environment variable used for authentication. The vulnerability carries a HIGH severity CVSS 3.1 score of 8.2, reflecting significant confidentiality impact and moderate integrity impact with no availability impact. The attack vector is network-based with low attack complexity, requiring no privileges or user interaction. The vulnerability was disclosed on May 27, 2026, with subsequent modification to the advisory record later that same day. Organizations using GuardDog for supply chain security scanning should prioritize upgrading to the fixed version to prevent potential credential compromise and unauthorized internal network access.
- Vendor: DataDog
- Product: guarddog
- CVSS: HIGH 8.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-27
- Original CVE updated: 2026-05-27
- Advisory published: 2026-05-27
- Advisory updated: 2026-05-27
Who should care
- Organizations using GuardDog for PyPI package security scanning, particularly in CI/CD pipelines or automated security workflows
- DevSecOps teams managing supply chain security tooling
- Developers with GH_TOKEN environment variables configured for GitHub API access
- Security teams responsible for credential management and secrets rotation policies
Technical summary
The vulnerability exists in GuardDog's programmatic API for remote repository scanning. When a user initiates a scan against a repository URL, the application performs a blind string replacement operation on the attacker-controlled URL before issuing HTTP requests. This insufficient validation allows malicious actors to craft URLs that, after transformation, resolve to internal network addresses or attacker-controlled servers. Critically, the application attaches the GH_TOKEN environment variable as an Authorization header to these requests, transmitting valid GitHub credentials to the destination server. The combination of SSRF and credential exfiltration creates a high-impact attack scenario where scanning an untrusted package repository could result in complete compromise of the user's GitHub account. The vulnerability is classified under CWE-918 (Server-Side Request Forgery) and affects all versions from 1.0.0 through 2.9.0.
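The defensive pattern the summary implies, as an added Python example that is not GuardDog's code: parse the repository URL, accept only GitHub hosts, rebuild the API URL from validated components instead of substituting substrings, and attach the token only when the final destination is api.github.com. The function names, the allowlist and the GH_TOKEN lookup are assumptions for illustration.

```python
"""Hardened handling of an untrusted repository URL before a GitHub API request.

Illustrative code for the CWE-918 pattern described in the advisory; not GuardDog's
implementation. Names and the GH_TOKEN lookup are assumptions.
"""
import os
from typing import Dict, Optional, Tuple
from urllib.parse import quote, urlsplit

# Hosts for which we are willing to build an API request at all (assumed allowlist).
ALLOWED_REPO_HOSTS = {"github.com", "www.github.com"}
API_HOST = "api.github.com"


def safe_api_url(repo_url: str) -> str:
    """Validate each URL component and rebuild the API URL from the validated parts."""
    parts = urlsplit(repo_url)
    if parts.scheme != "https":
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    # urlsplit separates userinfo and port from the host, so a host that merely
    # contains "github.com" somewhere in the string does not pass this check.
    if parts.hostname not in ALLOWED_REPO_HOSTS or parts.port not in (None, 443):
        raise ValueError(f"host not allowed: {parts.netloc!r}")
    if parts.username is not None:
        raise ValueError("userinfo is not allowed in a repository URL")
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) != 2:
        raise ValueError(f"expected /owner/repo path, got {parts.path!r}")
    owner, repo = segments
    if repo.endswith(".git"):
        repo = repo[:-4]
    # Percent-encode the segments so neither can smuggle path or query separators.
    return f"https://{API_HOST}/repos/{quote(owner, safe='')}/{quote(repo, safe='')}"


def request_headers(api_url: str, token: Optional[str]) -> Dict[str, str]:
    """Attach the credential only when the request really goes to the GitHub API."""
    headers = {"Accept": "application/vnd.github+json"}
    if token and urlsplit(api_url).hostname == API_HOST:
        headers["Authorization"] = f"Bearer {token}"
    return headers


def is_accepted(repo_url: str) -> bool:
    """True if the URL survives validation; used to check rejection without exceptions."""
    try:
        safe_api_url(repo_url)
        return True
    except ValueError:
        return False


def scan_request(repo_url: str) -> Tuple[str, Dict[str, str]]:
    """Build the (url, headers) pair a scanner would send, reading GH_TOKEN (assumed name)."""
    api_url = safe_api_url(repo_url)
    return api_url, request_headers(api_url, os.environ.get("GH_TOKEN"))
```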
Defensive priority
HIGH
Recommended defensive actions
- Upgrade GuardDog to version 2.9.1 or later to remediate the SSRF and credential exposure vulnerability
- Audit CI/CD pipelines and local environments for exposed GH_TOKEN values that may have been transmitted to untrusted endpoints
- Review GuardDog scan logs for suspicious repository URLs containing URL-encoded characters or unexpected domain redirects
- Implement network egress filtering on systems running GuardDog to restrict outbound connections to authorized endpoints only
- Rotate any GitHub personal access tokens or OAuth tokens that were used with affected GuardDog versions
- Consider using isolated scanning environments with minimal credential exposure for supply chain security tools
Evidence notes
Vulnerability confirmed through GitHub Security Advisory GHSA-587r-mc96-6f2p. CWE-918 (Server-Side Request Forgery) classification provided by [email protected]. CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N.
Official resources
- CVE-2026-44971 CVE record (CVE.org)
- CVE-2026-44971 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 2026-05-27