Description
GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, a path traversal vulnerability exists in GuardDog's safe_extract() function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite and Remote Code Execution on systems running GuardDog. This vulnerability is fixed in 2.7.1.
Published: 2026-01-13
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Now
AI Analysis

Impact

GuardDog is a CLI utility used to scan PyPI packages for malicious content. A vulnerability in the safe_extract() function allows an attacker to craft a malicious package that, when processed by GuardDog, writes files outside the intended extraction directory. This leads to arbitrary file overwrite, which can compromise system files or execute arbitrary code, resulting in full system takeover on machines running GuardDog.

Affected Systems

The affected product is DataDog GuardDog, a Python-based CLI tool. All releases prior to version 2.7.1 are vulnerable; users must ensure they are not running any older revision.

Risk and Exploitability

The CVSS score is 8.7, indicating high severity, while the EPSS score is less than 1%, suggesting low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack vector is inferred to be a local user or process that supplies a malicious PyPI package to GuardDog, which then extracts files beyond the intended directory, leading to overwrite and execution of malicious code.

Generated by OpenCVE AI on April 18, 2026 at 06:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update GuardDog to version 2.7.1 or later.
  • Restrict GuardDog’s execution to users with minimal permissions to prevent the attack from affecting critical system files.
  • Validate or avoid extraction of unknown PyPI packages and enforce strict path checks to prevent traversal attacks.

Generated by OpenCVE AI on April 18, 2026 at 06:27 UTC.
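As an added example (not GuardDog's own code or its fix), the following shows the strict path checks the recommendation above calls for when extracting a PyPI sdist tarball: every member is resolved against the destination before anything is written, and absolute names, '..' escapes and links whose target leaves the directory reject the whole archive. The sample archive and its member names are constructed here purely to exercise the checks; the destination path is assumed.

```python
import io
import os
import tarfile
from pathlib import Path

def is_within(base: Path, target: Path) -> bool:
    """True if target stays under base once '..' and symlinks are resolved."""
    base, target = base.resolve(), target.resolve()
    return target == base or base in target.parents

def check_member(dest: Path, m: tarfile.TarInfo):
    """Reason to reject a tar member, or None if it may be written under dest."""
    if os.path.isabs(m.name):
        return "absolute path"
    target = dest / m.name
    if not is_within(dest, target):
        return "path escapes destination"
    if m.issym() or m.islnk():  # symlinks resolve from the link's dir, hardlinks from the root
        base = target.parent if m.issym() else dest
        if os.path.isabs(m.linkname) or not is_within(dest, base / m.linkname):
            return "link target escapes destination"
    return None

def audit_archive(data: bytes, dest) -> dict:
    """Map each rejected member name to its reason; an empty dict means clean."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        verdicts = {m.name: check_member(Path(dest), m) for m in tar.getmembers()}
    return {name: why for name, why in verdicts.items() if why}

def safe_extract(data: bytes, dest) -> None:
    """Extract only when every member passed; a single bad member rejects the archive."""
    bad = audit_archive(data, dest)
    if bad:
        raise ValueError(f"unsafe archive members: {bad}")
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        tar.extractall(Path(dest))

BENIGN = [("pkg-1.0/setup.py", tarfile.REGTYPE, "")]  # constructed (name, type, linkname)
HOSTILE = [("../escape.txt", tarfile.REGTYPE, ""), ("/abs/escape.txt", tarfile.REGTYPE, ""),
           ("pkg-1.0/ln", tarfile.SYMTYPE, "../../outside")]  # constructed traversal cases

def build_sample(members) -> bytes:
    """Write the constructed members into an in-memory .tar.gz (zero-length files)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, kind, link in members:
            info = tarfile.TarInfo(name)
            info.type, info.linkname = kind, link
            tar.addfile(info)
    return buf.getvalue()
```

On Python 3.12 and later, tarfile's extraction filters (`filter="data"`) perform comparable rejection and can be layered underneath these checks as defense in depth.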

Tracking


Advisories
Source: Github GHSA
ID: GHSA-xg9w-vg3g-6m68
Title: GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE
History

Wed, 21 Jan 2026 19:00:00 +0000

CPEs: cpe:2.3:a:datadoghq:guarddog:*:*:*:*:*:python:*:*
Metrics (cvssV3_1): {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Wed, 14 Jan 2026 11:15:00 +0000

First Time appeared: Datadoghq, Datadoghq guarddog
Vendors & Products: Datadoghq, Datadoghq guarddog

Tue, 13 Jan 2026 22:15:00 +0000

Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 13 Jan 2026 21:00:00 +0000

Description: GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, there is a path traversal vulnerability exists in GuardDog's safe_extract() function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite and Remote Code Execution on systems running GuardDog. This vulnerability is fixed in 2.7.1.
Title: GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE
Weaknesses: CWE-22
References:
Metrics (cvssV4_0): {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-13T21:24:07.742Z

Reserved: 2026-01-12T16:20:16.747Z

Link: CVE-2026-22871

Vulnrichment

Updated: 2026-01-13T21:24:03.402Z

NVD

Status : Analyzed

Published: 2026-01-13T21:15:55.210

Modified: 2026-01-21T18:46:57.057

Link: CVE-2026-22871

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T06:30:25Z

Weaknesses