CVE-2026-44972

Published: Mag 27, 2026 Last Modified: Mag 27, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,0

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: none

User Interaction: required

Scope: changed

Confidentiality: low

Integrity: low

Availability: none

Description

AI Translation Available

GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject ANSI or OSC escape sequences into analyst terminals or CI logs.

116

Improper Encoding or Escaping of Output

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability Access Control

Potential Impacts:

Modify Application Data Execute Unauthorized Code Or Commands Bypass Protection Mechanism

Applicable Platforms

Technologies: Not Technology-Specific, AI/ML, Database Server, Web Server

Likelihood of Exploit: High

View CWE Details

https://github.com/DataDog/guarddog/security/advisories/GHS…

https://github.com/DataDog/guarddog/security/advisories/GHSA-m5p4-gvpx-4mvr

CVE-2026-44972

Description

Improper Encoding or Escaping of Output

Common Consequences

Applicable Platforms

Iscriviti alla newsletter