Vulnerability Description
GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, a path traversal vulnerability exists in GuardDog's safe_extract() function: a malicious PyPI package can carry archive member names that resolve outside the intended extraction directory, so scanning the package writes attacker-controlled files to arbitrary locations on the host. The result is arbitrary file overwrite and, through overwritten executable or configuration files, remote code execution on systems running GuardDog. This vulnerability is fixed in 2.7.1.
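The pattern behind this class of bug, as an added, self-contained illustration (this is not GuardDog's code, and `naive_extract`, `is_within` and `safe_extract_example` are hypothetical names chosen for the example, not the project's functions): a tarball is built in memory with one member named `../../outside.txt`, a naive extractor joins member names onto the destination without a containment check and lands the file two directories up, and a hardened extractor resolves every member path with `os.path.realpath()`, compares it to the destination with `os.path.commonpath()`, refuses link members, and validates all members before writing any.

```python
import io
import os
import tarfile
import tempfile


def make_traversal_tar() -> bytes:
    """Constructed sample: a .tar.gz with one benign member and one member
    whose name climbs out of the extraction root. Not a real PyPI package."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, data in (("pkg/setup.py", b"print('benign')\n"),
                           ("../../outside.txt", b"attacker-controlled\n")):
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def naive_extract(archive: bytes, dest: str) -> list[str]:
    """Vulnerable pattern (hypothetical, shown for contrast): member names are
    joined onto dest and normalised but never checked against dest, so a
    leading '../' walks out of the extraction directory."""
    written = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tf:
        for member in tf.getmembers():
            if not member.isfile():
                continue
            target = os.path.normpath(os.path.join(dest, member.name))
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(tf.extractfile(member).read())
            written.append(target)
    return written


def is_within(base: str, target: str) -> bool:
    """True only if target resolves to base itself or to something under it.
    realpath() collapses '..' and symlinks on both sides; commonpath() avoids
    the string-prefix mistake where '/srv/app2' looks like it is inside '/srv/app'."""
    base_real = os.path.realpath(base)
    target_real = os.path.realpath(target)
    return os.path.commonpath([base_real, target_real]) == base_real


def safe_extract_example(archive: bytes, dest: str) -> list[str]:
    """Hardened pattern (hypothetical name): validate every member first, then
    write. If any member is rejected, nothing has been written to dest."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tf:
        members = tf.getmembers()
        for member in members:
            target = os.path.join(dest, member.name)
            if not is_within(dest, target):
                raise ValueError(f"path traversal attempt: {member.name!r}")
            # Symlinks and hardlinks can point outside dest and have later
            # members written through them, so refuse them outright.
            if member.issym() or member.islnk():
                raise ValueError(f"link member refused: {member.name!r}")
            if not (member.isfile() or member.isdir()):
                raise ValueError(f"unsupported member type: {member.name!r}")
        written = []
        for member in members:
            target = os.path.join(dest, member.name)
            if member.isdir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(tf.extractfile(member).read())
            written.append(os.path.relpath(target, dest))
    return written


def demo() -> dict:
    """Run both extractors on the constructed archive inside a temp dir."""
    archive = make_traversal_tar()
    results = {}
    with tempfile.TemporaryDirectory() as root:
        # Two directory levels below root so '../../' lands inside the temp dir.
        naive_dest = os.path.join(root, "naive", "extract")
        os.makedirs(naive_dest)
        naive_extract(archive, naive_dest)
        results["naive_escaped"] = os.path.isfile(os.path.join(root, "outside.txt"))

        safe_dest = os.path.join(root, "safe", "extract")
        os.makedirs(safe_dest)
        try:
            safe_extract_example(archive, safe_dest)
            results["safe_rejected"] = False
        except ValueError:
            results["safe_rejected"] = True
        results["safe_wrote_nothing"] = os.listdir(safe_dest) == []
    return results


if __name__ == "__main__":
    print(demo())
```

Two design choices matter here. The containment check compares fully resolved paths rather than string prefixes, and it is applied to every member before the first byte is written, so a rejected archive leaves no partially extracted files behind for a later stage to trust.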
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Datadoghq | Guarddog | < 2.7.1 |
Related Weaknesses (CWE)
References
- https://github.com/DataDog/guarddog/commit/9aa6a725b2c71d537d3c18d1c15621395ebb8 (Patch)
- https://github.com/DataDog/guarddog/security/advisories/GHSA-xg9w-vg3g-6m68 (Third Party Advisory)
FAQ
What is CVE-2026-22871?
CVE-2026-22871 is a vulnerability with a CVSS score of 9.8 (CRITICAL). GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, a path traversal vulnerability exists in GuardDog's safe_extract() function that allows malicious PyPI packages to ...
How severe is CVE-2026-22871?
CVE-2026-22871 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-22871?
Yes. The vulnerability is fixed in GuardDog 2.7.1; the references section above links the fixing commit and the GitHub security advisory. Affected products include: Datadoghq Guarddog (versions before 2.7.1).