What is CVE-2026-22871?

## Summary A **path traversal vulnerability** exists in GuardDog's `safe_extract()` function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to **Arbitrary File Overwrite** and **Remote Code Execution** on systems running GuardDog. **CWE:** CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) ## Details ### Vulnerable Code **File:** `guarddog/utils/archives.py` ```python elif zipfile.is_zipfile(source_archive): with zipfile.ZipFile(source_archive, "r") as zip: for file in zip.namelist(): # Note: zip.extract cleans up any malicious file name # such as directory traversal attempts This is not the # case of zipfile.extractall zip.extract(file, path=os.path.join(target_directory, file)) # ❌ VULNERABLE ``` ### Root Cause The comment about `zip.extract()` fooled me at first :) then I noticed the `os.path.join()` call. The vulnerability stems from **incorrect usage of Python's `zipfile.ZipFile.extract()` API**: - The `path` parameter should be the **target directory**, not a full file path - `extract()` automatically appends the member name to the path - By passing `os.path.join(target_directory, file)`, GuardDog causes the filename to be appended **twice** - This breaks zipfile's built-in path traversal sanitization ### Attack Vector 1. Attacker creates malicious wheel with path traversal filenames 2. Uploads to PyPI or distributes directly 3. Package scan: `guarddog pypi scan malicious-pkg` 4. GuardDog downloads and extracts the package 5. Malicious files written to arbitrary locations 6. Code execution could be achieved ## Impact Impact depends on how GuardDog is running and under which environment. ### Critical Scenarios 1. **Immediate Code Execution** - Write to `~/.bashrc` → executes on next shell - Write to `~/.profile` → executes on login 2. **Persistent Backdoors** - Write to `~/.ssh/authorized_keys` → SSH access - Write to `/etc/cron.d/malicious` → scheduled execution (if root) - Write to systemd user services → persistent execution and more... ## Credits **Reported by:** Charbel (dwbruijn)

What is the severity of CVE-2026-22871?

CVE-2026-22871 has a CVSS v3 score of 9.8, which is classified as Critical severity.

Is there an exploit available for CVE-2026-22871?

No known public exploits are currently available for CVE-2026-22871.

Is there a patch available for CVE-2026-22871?

Yes, patches are available for CVE-2026-22871. Check the vendor advisories for update instructions.

CVE-2026-22871 - CVE Details, Severity, and Analysis

Severity Scores

CVSS v39.8

CVSS v20.0

Priority Score711.0

EPSS Score1.0

Critical

Exploitation LikelihoodLow

1.00%EPSS

Lower probability of exploitation

Patch during regular maintenance

1.00%

EPSS

9.8

CVSS

No

Exploit

Yes

Patch

Medium Priority

critical severity

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

Summary

A path traversal vulnerability exists in GuardDog's safe_extract() function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite and Remote Code Execution on systems running GuardDog.

CWE: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory)

Details

Vulnerable Code

File: guarddog/utils/archives.py

elif zipfile.is_zipfile(source_archive):
    with zipfile.ZipFile(source_archive, "r") as zip:
        for file in zip.namelist():
            # Note: zip.extract cleans up any malicious file name
            # such as directory traversal attempts This is not the
            # case of zipfile.extractall
            zip.extract(file, path=os.path.join(target_directory, file))  # ❌ VULNERABLE

Root Cause

The comment about zip.extract() fooled me at first :) then I noticed the os.path.join() call. The vulnerability stems from incorrect usage of Python's zipfile.ZipFile.extract() API:

The path parameter should be the target directory, not a full file path
extract() automatically appends the member name to the path
By passing os.path.join(target_directory, file), GuardDog causes the filename to be appended twice
This breaks zipfile's built-in path traversal sanitization

Attack Vector

Attacker creates malicious wheel with path traversal filenames
Uploads to PyPI or distributes directly
Package scan: guarddog pypi scan malicious-pkg
GuardDog downloads and extracts the package
Malicious files written to arbitrary locations
Code execution could be achieved

Impact

Impact depends on how GuardDog is running and under which environment.

CVSS v3 Breakdown

Attack Vector:Network

Attack Complexity:Local

Privileges Required:Network

User Interaction:Network

Scope:Unchanged

Confidentiality:High

Integrity:High

Availability:High

Patch References

Github.com