CVE-2026-44971
GuardDog: Blind GitHub URL rewrite in remote project scanning causes SSRF and `GH_TOKEN` exfiltration
Severity: HIGH
Title source: CNA description
GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an attacker who can influence the scanned repository URL to trigger SSRF and capture the GH_TOKEN used by GuardDog. This vulnerability is fixed in .
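The description names the pattern (a blind string substitution on an attacker-influenced repository URL, followed by an authenticated request to whatever comes out) but not the code. The following example is added for this page and is not GuardDog's own code: it reconstructs the pattern with a representative `str.replace` of the host, shows several attacker URLs that survive the rewrite and still receive the token, and places a hardened rewrite beside it that parses the URL, validates each component and rebuilds the API URL from validated parts only. The exact substitution GuardDog performed, the `github.com`/`api.github.com` host pair, the owner/repo syntax rules and every function name are assumptions.

```python
"""Illustration of the CWE-918 pattern behind CVE-2026-44971.

Hypothetical reconstruction, not GuardDog's code; host names and function names are assumed.
"""
from __future__ import annotations

import re
from urllib.parse import urlsplit

GITHUB_HOST = "github.com"
API_HOST = "api.github.com"

# Assumed owner/repo syntax: user names are alphanumerics and '-' with no leading hyphen
# (max 39 chars); repository names additionally allow '.' and '_'.
_OWNER_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]{0,38}")
_REPO_RE = re.compile(r"[A-Za-z0-9._-]{1,100}")


def rewrite_blind(repo_url: str) -> str:
    """VULNERABLE pattern: substitute the host substring wherever it first appears.

    Nothing checks that the result still points at GitHub, and a URL that never
    contained the substring passes through untouched.
    """
    return repo_url.replace(GITHUB_HOST, API_HOST, 1)


def build_request_vulnerable(repo_url: str, gh_token: str) -> tuple[str, dict]:
    """Rewrite blindly and attach the credential unconditionally (the CVE pattern)."""
    return rewrite_blind(repo_url), {"Authorization": f"Bearer {gh_token}"}


def rewrite_safe(repo_url: str) -> str:
    """Parse, validate every component, and rebuild the API URL from validated parts."""
    parts = urlsplit(repo_url)
    if parts.scheme != "https":
        raise ValueError(f"scheme must be https, got {parts.scheme!r}")
    # The whole netloc is compared, so userinfo ('github.com@evil.example'), explicit
    # ports and look-alike hosts ('github.com.evil.example') are all rejected.
    if parts.netloc != GITHUB_HOST:
        raise ValueError(f"unexpected host {parts.netloc!r}")
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) != 2:
        raise ValueError("expected a path of the form /<owner>/<repo>")
    owner, repo = segments
    if repo.endswith(".git"):
        repo = repo[:-4]
    if not _OWNER_RE.fullmatch(owner) or not _REPO_RE.fullmatch(repo):
        raise ValueError(f"invalid owner/repo {owner!r}/{repo!r}")
    return f"https://{API_HOST}/repos/{owner}/{repo}"


def auth_headers_for(url: str, gh_token: str) -> dict:
    """Defense in depth: attach the token only when the destination host is the API host."""
    if urlsplit(url).hostname != API_HOST:
        return {}
    return {"Authorization": f"Bearer {gh_token}"}


def build_request_safe(repo_url: str, gh_token: str) -> tuple[str, dict]:
    url = rewrite_safe(repo_url)
    return url, auth_headers_for(url, gh_token)


def destination_host(url: str) -> str | None:
    """The host an HTTP client would actually connect to (userinfo and port stripped)."""
    return urlsplit(url).hostname


def is_rejected(repo_url: str) -> bool:
    """True when the hardened path refuses the URL."""
    try:
        rewrite_safe(repo_url)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    token = "ghp_FAKE_TOKEN_FOR_DEMO"  # constructed placeholder, not a real credential
    attacker_urls = [  # constructed inputs an attacker could supply as the repo URL
        "https://github.com.evil.example/DataDog/guarddog",  # look-alike host
        "https://github.com@evil.example/DataDog/guarddog",  # userinfo trick
        "https://evil.example/DataDog/guarddog?github.com",  # substring only in the query
        "https://evil.example/DataDog/guarddog",             # no match: passed through as-is
    ]
    for u in attacker_urls:
        url, headers = build_request_vulnerable(u, token)
        print(f"blind: token sent to {destination_host(url)}; safe: "
              f"{'rejected' if is_rejected(u) else 'accepted'}")
    print(build_request_safe("https://github.com/DataDog/guarddog.git", token))
```

Every row of the loop ends with the token headed for a host under `evil.example` on the blind path and a `ValueError` on the hardened one. The rebuild step matters as much as the validation: constructing the request URL from `API_HOST` and the two validated segments means nothing attacker-supplied reaches the wire except two name components that already passed a strict pattern.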
References (1)
https://github.com/DataDog/guarddog/security/advisories/GHSA-587r-mc96-6f2p (x_refsource_confirm)
Scores
CVSS v3: 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
Attack Vector: NETWORK
EPSS: 0.0020 (percentile 9.6%)
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-918 (Server-Side Request Forgery)
Status: published
Products (2)
DataDog/guarddog: >= 1.0.0, <= 2.9.0
pypi/guarddog: 1.0.0 - 2.9.0 (PyPI)
Published: May 27, 2026
Tracked Since: May 27, 2026