CVE-2026-22871: GuardDog Path Traversal Vulnerability

CVE-2026-22871 Overview

CVE-2026-22871 is a path traversal vulnerability in GuardDog, a CLI tool developed by DataDog to identify malicious PyPI packages. Prior to version 2.7.1, the safe_extract() function contains a flaw that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory. This vulnerability enables Arbitrary File Overwrite and Remote Code Execution on systems running GuardDog.

Critical Impact

Attackers can craft malicious PyPI packages that, when scanned by GuardDog, exploit the path traversal vulnerability to overwrite arbitrary files on the host system, potentially achieving remote code execution.

Affected Products

• GuardDog versions prior to 2.7.1
• Systems running GuardDog for PyPI package scanning
• CI/CD pipelines utilizing GuardDog for dependency security checks

Discovery Timeline

• 2026-01-13 - CVE-2026-22871 published to NVD
• 2026-01-13 - Last updated in NVD database

Technical Details for CVE-2026-22871

Vulnerability Analysis

This vulnerability is classified as CWE-22 (Path Traversal) and affects the archive extraction functionality within GuardDog. The safe_extract() function in guarddog/utils/archives.py improperly handled file paths during ZIP archive extraction. When processing ZIP files, the function concatenated the target directory with the file path from within the archive, creating a nested path structure that could be manipulated by an attacker.

The flaw specifically occurred in how the zip.extract() method was called. By including path traversal sequences (such as ../) in filenames within a malicious ZIP archive, an attacker could escape the intended extraction directory and write files to arbitrary locations on the filesystem.

Root Cause

The root cause lies in the improper path construction when extracting files from ZIP archives. The original code passed os.path.join(target_directory, file) as the extraction path, which created a nested directory structure rather than properly constraining extraction to the target directory. This allowed specially crafted filenames containing directory traversal sequences to escape the sandbox.

Attack Vector

An attacker could exploit this vulnerability through the network by hosting a malicious PyPI package containing a specially crafted ZIP archive. When a victim uses GuardDog to scan this package, the tool would extract the malicious archive and inadvertently write files outside the intended directory. This could lead to:

1. Overwriting critical system files or configuration files
2. Placing malicious executables in startup directories
3. Injecting backdoors into existing scripts or applications
4. Achieving full remote code execution on the victim's system

                # Note: zip.extract cleans up any malicious file name
                # such as directory traversal attempts This is not the
                # case of zipfile.extractall
-                zip.extract(file, path=os.path.join(target_directory, file))
+                zip.extract(file, path=target_directory)
    else:
        raise ValueError(f"unsupported archive extension: {source_archive}")

Source: GitHub Commit Update

Detection Methods for CVE-2026-22871

Indicators of Compromise

• Unexpected file modifications outside of GuardDog's working directories
• New or modified files in system directories that coincide with GuardDog execution times
• Suspicious PyPI packages with ZIP archives containing path traversal sequences in filenames
• Evidence of file overwrites in system startup or configuration directories

Detection Strategies

• Monitor file system activity during GuardDog execution for writes outside expected directories
• Implement file integrity monitoring on critical system files and directories
• Analyze PyPI packages for ZIP entries containing ../ sequences before scanning
• Review GuardDog logs for extraction activities involving suspicious file paths

Monitoring Recommendations

• Deploy endpoint detection and response (EDR) solutions to monitor for anomalous file system activity
• Set up alerts for file modifications in sensitive directories during package scanning operations
• Implement centralized logging for all GuardDog operations in CI/CD environments
• Use SentinelOne's behavioral AI to detect unauthorized file writes during package analysis

How to Mitigate CVE-2026-22871

Immediate Actions Required

• Upgrade GuardDog to version 2.7.1 or later immediately
• Audit systems that have run vulnerable versions of GuardDog for signs of compromise
• Review recently scanned PyPI packages for potential malicious content
• Implement network segmentation to limit the impact of potential compromises in scanning environments

Patch Information

The vulnerability has been fixed in GuardDog version 2.7.1. The fix corrects the path handling in the safe_extract() function by passing only the target_directory to the zip.extract() method, ensuring files are properly extracted within the intended directory without path traversal vulnerabilities. For detailed patch information, refer to the GitHub Security Advisory and the GitHub Commit Update.

Workarounds

• Run GuardDog in an isolated container or sandbox environment to limit file system access
• Implement strict file system permissions to prevent writes outside designated directories
• Use read-only file systems for critical system directories during package scanning operations
• Pre-validate ZIP archives for path traversal sequences before passing them to GuardDog

# Upgrade GuardDog to patched version
pip install --upgrade guarddog>=2.7.1

# Verify installed version
pip show guarddog | grep Version