CVE-2026-22871
Path Traversal in GuardDog Allows Arbitrary File Overwrite
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| datadog | guarddog | to 2.7.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect this vulnerability on your system, check the version of GuardDog installed and verify if it is below 2.7.1, as versions 2.7.0 and below are vulnerable. You can run the command `guarddog --version` or check the package version via your package manager. Additionally, monitor for unexpected or unauthorized file writes outside the intended extraction directories, especially files like ~/.bashrc, ~/.profile, ~/.ssh/authorized_keys, or system files such as /etc/cron.d/malicious. You can use commands like `find / -type f -name '.bashrc' -newermt '2026-01-01'` to find recently modified shell initialization files or `grep -r 'malicious' /etc/cron.d/` to detect suspicious cron jobs. Network detection is difficult without specific signatures, but monitoring for downloads of suspicious PyPI packages or unexpected GuardDog activity may help. [2]
Can you explain this vulnerability to me?
This vulnerability is a path traversal issue in GuardDog's safe_extract() function prior to version 2.7.1. It allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, which can lead to Arbitrary File Overwrite and Remote Code Execution on systems running GuardDog.
How can this vulnerability impact me? :
The vulnerability can allow attackers to overwrite arbitrary files on your system and potentially execute remote code, which could compromise the security and integrity of your system running GuardDog.
What immediate steps should I take to mitigate this vulnerability?
Upgrade GuardDog to version 2.7.1 or later, as this version contains the fix for the path traversal vulnerability in the safe_extract() function. Avoid using vulnerable versions prior to 2.7.1 to prevent arbitrary file overwrite and remote code execution.