CVE-2026-44218

Published: Mag 12, 2026 Last Modified: Mag 12, 2026

ExploitDB:

Other exploit source:

Google Dorks:

LOW 3,0

Source: [email protected]

Attack Vector: local

Attack Complexity: high

Privileges Required: high

User Interaction: none

Scope: unchanged

Confidentiality: low

Integrity: low

Availability: none

Description

AI Translation Available

ciguard is a static security auditor for CI/CD pipelines. From 0.1.0 to 0.8.1, the published ghcr.io/jo-jo98/ciguard container image inherits the default root user because the Dockerfile lacks a USER directive. This vulnerability is fixed in 0.8.2.

269

Improper Privilege Management

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control

Potential Impacts:

Gain Privileges Or Assume Identity

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: Medium

View CWE Details

https://github.com/Jo-Jo98/ciguard/security/advisories/GHSA…

https://github.com/Jo-Jo98/ciguard/security/advisories/GHSA-jrm4-4pcf-4763

CVE-2026-44218

Description

Improper Privilege Management

Common Consequences

Applicable Platforms

Iscriviti alla newsletter