CVE-2026-45046
Status: Received - Intake
Information Exposure in Gryph AI Coding Agent

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: GitHub, Inc.

Description
Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly states that the default log level is minimal, while it is actually standard. Source code review shows that sensitive file-write content remains in the stored payload as ContentPreview, OldString, or NewString at the default standard logging level and at full. This leads to logging of potentially sensitive file content in the local sqlite database, violating Gryph's sensitive file filter and log level contracts. This vulnerability is fixed in 0.7.0.
Meta Information
Generated: 2026-05-28
AI Q&A: 2026-05-27
EPSS Evaluated: N/A
Affected Vendors & Products (1 associated CPE)
Vendor   Product   Version / Range
gryph    gryph     0.7.0
CWE
CWE-212: The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in Gryph, a security layer for AI coding agents, in versions prior to 0.7.0. Gryph uses logging levels to control what content is logged to a local sqlite database. Although the README states that the default log level is minimal, it is actually set to standard. At this standard logging level and at full logging level, sensitive file content is logged and stored in the database as ContentPreview, OldString, or NewString. This behavior violates Gryph's intended sensitive file filter and logging level contracts.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability causes Gryph to log potentially sensitive file content in a local sqlite database, which violates Gryph's sensitive file filter and log level contracts.

Logging sensitive data improperly can lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require strict controls over the handling and storage of sensitive information.

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves Gryph logging sensitive file-write content into a local SQLite database in fields such as ContentPreview, OldString, or NewString at the default standard logging level. Detection involves inspecting the local SQLite database used by Gryph for the presence of sensitive data in these fields.

You can detect the vulnerability by querying the SQLite database to check for sensitive content stored in the relevant fields. For example, using the sqlite3 command-line tool, you can run queries to inspect the ContentPreview, OldString, and NewString columns for sensitive data.

  • Open the Gryph SQLite database file with sqlite3: sqlite3 path_to_gryph_database.db
  • Run SQL queries to check for non-empty or suspicious content in the relevant columns, for example: SELECT ContentPreview, OldString, NewString FROM logs WHERE ContentPreview IS NOT NULL OR OldString IS NOT NULL OR NewString IS NOT NULL LIMIT 10;
  • Review the output for any sensitive file content that should not be logged.

Note that this vulnerability is local and requires access to the Gryph SQLite database file. Detection on the network level is not applicable since the issue is with local logging.
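The inspection described above, as an added example that is not Gryph's own code: a small Python script that opens a Gryph-style SQLite log database, locates every table carrying a ContentPreview, OldString or NewString column (the advisory names the columns but not the table, so the table name is discovered from sqlite_master rather than assumed), and counts rows that still hold content. The sample database built by build_sample_db() is constructed here to mirror the defect and is not real Gryph data; the redact_content_columns() clean-up step is an assumed post-upgrade measure, not something the advisory prescribes.

```python
"""Scan a Gryph-style SQLite log database for retained file content.

Added example, not code from the Gryph project. Assumptions:
  - the table name is unknown, so every user table is inspected via sqlite_master
  - column names ContentPreview / OldString / NewString come from the advisory
  - redact_content_columns() is an assumed clean-up for databases written by a
    vulnerable version; the advisory's own fix is upgrading to 0.7.0 or later
"""
import sqlite3
import sys

SENSITIVE_COLUMNS = ("ContentPreview", "OldString", "NewString")


def find_content_columns(conn):
    """Return {table: [columns]} for user tables that carry a sensitive column."""
    hits = {}
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        # PRAGMA table_info rows are (cid, name, type, notnull, dflt_value, pk)
        cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]
        present = [c for c in cols if c in SENSITIVE_COLUMNS]
        if present:
            hits[table] = present
    return hits


def count_populated_rows(conn):
    """Return {(table, column): n}, n being rows with non-empty content in that column."""
    counts = {}
    for table, cols in find_content_columns(conn).items():
        for col in cols:
            # Table/column names come from the schema itself, quoted as identifiers
            n = conn.execute(
                f'SELECT COUNT(*) FROM "{table}" '
                f'WHERE "{col}" IS NOT NULL AND length("{col}") > 0'
            ).fetchone()[0]
            counts[(table, col)] = n
    return counts


def redact_content_columns(conn):
    """Assumed clean-up: NULL out retained content in every sensitive column."""
    for table, cols in find_content_columns(conn).items():
        for col in cols:
            conn.execute(f'UPDATE "{table}" SET "{col}" = NULL')
    conn.commit()


def scan(db_path):
    """Open the database read-only-ish and report populated sensitive columns."""
    conn = sqlite3.connect(db_path)
    try:
        return count_populated_rows(conn)
    finally:
        conn.close()


def build_sample_db(path=":memory:"):
    """Constructed sample mimicking the defect: content retained at 'standard' level."""
    conn = sqlite3.connect(path)
    conn.executescript("""
        CREATE TABLE events (
            id INTEGER PRIMARY KEY, Tool TEXT, Path TEXT, LogLevel TEXT,
            ContentPreview TEXT, OldString TEXT, NewString TEXT);
        INSERT INTO events (Tool, Path, LogLevel, ContentPreview, OldString, NewString) VALUES
          ('write', '/home/dev/.env', 'standard', 'API_KEY=constructed-sample-value', NULL, NULL),
          ('edit',  '/home/dev/app.py', 'standard', NULL, 'retries = 1', 'retries = 3'),
          ('read',  '/home/dev/README.md', 'minimal', NULL, NULL, NULL);
        CREATE TABLE meta (k TEXT, v TEXT);
    """)
    conn.commit()
    return conn


if __name__ == "__main__":
    if len(sys.argv) > 1:
        report = scan(sys.argv[1])            # real database path supplied by the user
    else:
        report = count_populated_rows(build_sample_db())  # constructed sample
    for (table, col), n in sorted(report.items()):
        print(f"{table}.{col}: {n} row(s) with retained content")
```

Run it with the path to the Gryph database to get a per-column count; a non-zero count for any of the three columns means file content from a vulnerable version is still on disk. Counting rather than printing the content keeps the sensitive values out of terminal history and shell logs during the check.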

How can this vulnerability impact me?

The vulnerability can lead to sensitive file content being logged and stored locally in the sqlite database. This exposure of sensitive data can increase the risk of unauthorized access to confidential information, potentially leading to data breaches or leakage of sensitive information.

What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, upgrade Gryph to version 0.7.0 or later, where the issue with sensitive file content being logged to the local sqlite database has been fixed.