GHSA-XG9W-VG3G-6M68

Vulnerability from github – Published: 2026-01-13 21:54 – Updated: 2026-01-13 21:54
VLAI?
Summary
GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE
Details

Summary

A path traversal vulnerability exists in GuardDog's safe_extract() function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite and Remote Code Execution on systems running GuardDog.

CWE: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory)

Details

Vulnerable Code

File: guarddog/utils/archives.py

elif zipfile.is_zipfile(source_archive):
    with zipfile.ZipFile(source_archive, "r") as zip:
        for file in zip.namelist():
            # Note: zip.extract cleans up any malicious file name
            # such as directory traversal attempts This is not the
            # case of zipfile.extractall
            zip.extract(file, path=os.path.join(target_directory, file))  # ❌ VULNERABLE

Root Cause

The comment about zip.extract() fooled me at first :) then I noticed the os.path.join() call. The vulnerability stems from incorrect usage of Python's zipfile.ZipFile.extract() API:

  • The path parameter should be the target directory, not a full file path
  • extract() automatically appends the member name to the path
  • By passing os.path.join(target_directory, file), GuardDog causes the filename to be appended twice
  • This breaks zipfile's built-in path traversal sanitization

Attack Vector

  1. Attacker creates malicious wheel with path traversal filenames
  2. Uploads to PyPI or distributes directly
  3. Package scan: guarddog pypi scan malicious-pkg
  4. GuardDog downloads and extracts the package
  5. Malicious files written to arbitrary locations
  6. Code execution could be achieved

Impact

Impact depends on how GuardDog is running and under which environment.

Critical Scenarios

  1. Immediate Code Execution
  2. Write to ~/.bashrc → executes on next shell

  3. Write to ~/.profile → executes on login

  4. Persistent Backdoors

  5. Write to ~/.ssh/authorized_keys → SSH access
  6. Write to /etc/cron.d/malicious → scheduled execution (if root)
  7. Write to systemd user services → persistent execution

and more...

Credits

Reported by: Charbel (dwbruijn)

Severity ?
8.7 (High)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "guarddog"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-22871"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-13T21:54:49Z",
    "nvd_published_at": "2026-01-13T21:15:55Z",
    "severity": "HIGH"
  },
  "details": "## Summary\n\nA **path traversal vulnerability** exists in GuardDog\u0027s `safe_extract()` function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to **Arbitrary File Overwrite** and **Remote Code Execution** on systems running GuardDog.\n\n**CWE:** CWE-22 (Improper Limitation of a Pathname to a Restricted Directory)\n\n## Details\n\n### Vulnerable Code\n\n**File:** `guarddog/utils/archives.py`\n\n```python\nelif zipfile.is_zipfile(source_archive):\n    with zipfile.ZipFile(source_archive, \"r\") as zip:\n        for file in zip.namelist():\n            # Note: zip.extract cleans up any malicious file name\n            # such as directory traversal attempts This is not the\n            # case of zipfile.extractall\n            zip.extract(file, path=os.path.join(target_directory, file))  # \u274c VULNERABLE\n```\n\n### Root Cause\n\nThe comment about `zip.extract()` fooled me at first :) then I noticed the `os.path.join()` call. \nThe vulnerability stems from **incorrect usage of Python\u0027s `zipfile.ZipFile.extract()` API**:\n\n- The `path` parameter should be the **target directory**, not a full file path\n- `extract()` automatically appends the member name to the path\n- By passing `os.path.join(target_directory, file)`, GuardDog causes the filename to be appended **twice**\n- This breaks zipfile\u0027s built-in path traversal sanitization\n\n### Attack Vector\n\n1. Attacker creates malicious wheel with path traversal filenames\n2. Uploads to PyPI or distributes directly\n3. Package scan: `guarddog pypi scan malicious-pkg`\n4. GuardDog downloads and extracts the package\n5. Malicious files written to arbitrary locations\n6. Code execution could be achieved\n\n## Impact\n\nImpact depends on how GuardDog is running and under which environment.\n\n### Critical Scenarios\n\n1. **Immediate Code Execution**\n   - Write to `~/.bashrc` \u2192 executes on next shell\n   - Write to `~/.profile` \u2192 executes on login\n\n2. **Persistent Backdoors**\n   - Write to `~/.ssh/authorized_keys` \u2192 SSH access\n   - Write to `/etc/cron.d/malicious` \u2192 scheduled execution (if root)\n   - Write to systemd user services \u2192 persistent execution\n\nand more...\n\n## Credits\n\n**Reported by:** Charbel (dwbruijn)",
  "id": "GHSA-xg9w-vg3g-6m68",
  "modified": "2026-01-13T21:54:49Z",
  "published": "2026-01-13T21:54:49Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/DataDog/guarddog/security/advisories/GHSA-xg9w-vg3g-6m68"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22871"
    },
    {
      "type": "WEB",
      "url": "https://github.com/DataDog/guarddog/commit/9aa6a725b2c71d537d3c18d1c15621395ebb879c"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/DataDog/guarddog"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.