PatchSiren cyber security CVE debrief
CVE-2026-45046 safedep CVE debrief
Gryph, a security layer for AI coding agents, incorrectly documents its default logging level as minimal when it is actually standard. At this default level and at full logging, sensitive file-write content persists in the local SQLite database within ContentPreview, OldString, or NewString fields, bypassing Gryph's sensitive file filter and violating its logging contracts. This results in local information disclosure of potentially sensitive file content to any actor with access to the database file. The vulnerability is fixed in version 0.7.0.
- Vendor: safedep
- Product: gryph
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-27
- Original CVE updated: 2026-05-27
- Advisory published: 2026-05-27
- Advisory updated: 2026-05-27
Who should care
Organizations using Gryph to secure AI coding agents, particularly those processing sensitive source code, credentials, or proprietary files. Security teams responsible for AI agent governance and data loss prevention. Developers and DevOps engineers managing local Gryph installations with SQLite logging enabled.
Technical summary
Gryph, a security layer for AI coding agents, contains an information disclosure vulnerability in versions prior to 0.7.0. The README incorrectly states that the default log level is minimal, while source code analysis confirms it is standard. At the standard and full logging levels, sensitive file-write operations retain content in database fields including ContentPreview, OldString, and NewString within the local SQLite database. This bypasses Gryph's sensitive file filtering mechanism and violates its logging level contracts, exposing sensitive file content to any local attacker who can read the database file. The CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N reflects a local attack vector requiring low privileges and no user interaction, with high confidentiality impact and no integrity or availability impact. CWE-212 (Improper Removal of Sensitive Information Before Storage or Transfer) applies.
Defensive priority
medium
Recommended defensive actions
- Upgrade Gryph to version 0.7.0 or later to remediate this vulnerability
- Review local SQLite database files for sensitive content exposure if running versions prior to 0.7.0
- Verify logging level configuration explicitly rather than relying on documented defaults
- Audit file system permissions on Gryph database files to restrict access
- Review and rotate any credentials or sensitive data that may have been logged prior to patching
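The technical summary above names the fields that retain content (ContentPreview, OldString, NewString), and the actions above ask for a review of existing database files and of their permissions. The script below is an added example written for this debrief; it is not Gryph project code. It assumes nothing about Gryph's table layout: it discovers every table through sqlite_master and matches columns by name (case-insensitively, with underscores ignored, so snake_case variants are also caught), opens the database read-only, and reports how many rows hold non-empty content in each matching column. The permission check flags a file readable by group or others. The demo database it builds (table name `events`, sample rows) is constructed here for illustration only.

```python
"""Audit a Gryph-style SQLite log database for retained file-write content.

Added example for this CVE debrief, not Gryph's own code. Only the three
column names come from the advisory; the table layout and the sample rows
built by build_demo_db() are constructed assumptions for illustration.
"""
import os
import sqlite3
import stat
import tempfile

# Field names taken from the advisory text.
SENSITIVE_COLUMNS = ("ContentPreview", "OldString", "NewString")


def _normalize(name):
    """Compare column names loosely: 'old_string' and 'OldString' both match."""
    return name.replace("_", "").lower()


_TARGETS = {_normalize(c): c for c in SENSITIVE_COLUMNS}


def _quote(identifier):
    """Quote an SQL identifier so table/column names from the DB are used safely."""
    return '"' + identifier.replace('"', '""') + '"'


def find_retained_content(db_path):
    """Return {table: {canonical_column: rows_with_non_empty_content}}.

    Tables are discovered from sqlite_master, so no schema is assumed.
    Only columns with at least one non-empty value are reported.
    """
    findings = {}
    conn = sqlite3.connect(f"file:{db_path}?mode=ro", uri=True)
    try:
        tables = [r[0] for r in conn.execute(
            "SELECT name FROM sqlite_master WHERE type = 'table'")]
        for table in tables:
            # PRAGMA table_info rows: (cid, name, type, notnull, dflt_value, pk)
            columns = [r[1] for r in conn.execute(f"PRAGMA table_info({_quote(table)})")]
            hits = {}
            for col in columns:
                canonical = _TARGETS.get(_normalize(col))
                if canonical is None:
                    continue
                q = (f"SELECT COUNT(*) FROM {_quote(table)} "
                     f"WHERE {_quote(col)} IS NOT NULL AND {_quote(col)} != ''")
                count = conn.execute(q).fetchone()[0]
                if count:
                    hits[canonical] = count
            if hits:
                findings[table] = hits
    finally:
        conn.close()
    return findings


def permissions_too_open(db_path):
    """True if group or others have any read/write/execute bit on the file."""
    mode = stat.S_IMODE(os.stat(db_path).st_mode)
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


def build_demo_db(path):
    """Create a constructed sample database (assumed layout, placeholder values)."""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE events (id INTEGER PRIMARY KEY, Tool TEXT, FilePath TEXT, "
        "ContentPreview TEXT, OldString TEXT, NewString TEXT)")
    conn.executemany(
        "INSERT INTO events (Tool, FilePath, ContentPreview, OldString, NewString) "
        "VALUES (?, ?, ?, ?, ?)",
        [
            # A write to a dotfile whose preview was retained (placeholder value).
            ("Write", ".env", "API_TOKEN=placeholder-not-a-real-secret", None, None),
            # An edit whose old/new strings were retained (placeholder values).
            ("Edit", "config/db.yml", None, "password: old-placeholder", "password: new-placeholder"),
            # A write whose preview was correctly blanked: must not be counted.
            ("Write", "README.md", "", None, None),
        ])
    conn.commit()
    conn.close()


def run_demo():
    """Build the sample DB, audit it with a loose and then a strict mode, return results."""
    workdir = tempfile.mkdtemp()
    db_path = os.path.join(workdir, "gryph-demo.db")
    build_demo_db(db_path)
    os.chmod(db_path, 0o644)
    result = {
        "findings": find_retained_content(db_path),
        "open_at_0644": permissions_too_open(db_path),
    }
    os.chmod(db_path, 0o600)
    result["open_at_0600"] = permissions_too_open(db_path)
    return result


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Pointed at a real database instead of the demo, `find_retained_content` gives a per-table, per-column count of rows still carrying content, which is what decides whether the rotation step above is needed; a non-empty result on a pre-0.7.0 install means the sensitive filter did not take effect at the active logging level.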
Evidence notes
CVE description confirms documentation error regarding default logging level. Source code review cited in description shows sensitive content fields (ContentPreview, OldString, NewString) remain populated at standard and full logging levels. GitHub Security Advisory GHSA-f3jg-756w-gm35 provides authoritative vendor disclosure.
Official resources
- CVE-2026-45046 CVE record (CVE.org)
- CVE-2026-45046 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 2026-05-27