QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-44972

Back to search

CVE-2026-44972

Published: May 27, 2026

Modified: May 27, 2026

PUBLISHED

CVSS v3.1

5.0

MEDIUM

Description

GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject ANSI or OSC escape sequences into analyst terminals or CI logs.

VendorProductVersions

DataDog

guarddog

affected
>= 2.6.0, <= 2.9.0

Weaknesses (CWE)

CWE-116

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now