CVE-2026-44971

Description

GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an attacker who can influence the scanned repository URL to trigger SSRF and capture the GH_TOKEN used by GuardDog. This vulnerability is fixed in .

Scoring

CVSS 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS: 0.20% probability of exploitation · percentile 9.6% · 2026-06-19T12:03:05Z
Last modified: 2026-06-01

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2026-22871
CVE: GitLab Server-Side Request Forgery (SSRF) Vulnerability
CVE: CVE-2026-25471
CVE: reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE: CVE-2026-45758
CVE: CVE-2026-28416
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.