Medium severity 5.0 NVD Advisory · Published May 27, 2026 · Updated May 29, 2026
CVE-2026-44972
Description
GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject ANSI or OSC escape sequences into analyst terminals or CI logs.
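The class of fix this description points at, as an added example (not GuardDog's code or its patch): every attacker-controlled field is passed through an escaper that turns control characters into visible text before it reaches a terminal or CI log. The names `neutralize` and `render_finding`, the report layout, and the sample values are hypothetical and constructed for illustration.

```python
import unicodedata


def neutralize(text: str, keep: str = "") -> str:
    """Replace control characters with a visible \\xNN form.

    Unicode category "Cc" covers the C0 range (including ESC 0x1b and
    BEL 0x07), DEL, and the C1 range (including the 8-bit CSI 0x9b and
    OSC 0x9d introducers), so both 7-bit and 8-bit sequences lose their
    meaning to the terminal. Characters listed in `keep` pass through.
    """
    out = []
    for ch in text:
        if ch in keep or unicodedata.category(ch) != "Cc":
            out.append(ch)
        else:
            out.append(f"\\x{ord(ch):02x}")
    return "".join(out)


def render_finding(rule: str, location: str, message: str, snippet: str) -> str:
    """Build a human-readable report entry from untrusted package data."""
    lines = [
        f"{neutralize(rule)}: {neutralize(message)}",
        f"  at {neutralize(location)}",
    ]
    # Split on "\n" only, so a stray "\r" is escaped rather than acted on.
    for line in snippet.split("\n"):
        # Tabs are kept for code indentation; everything else is escaped.
        lines.append("    " + neutralize(line, keep="\t"))
    return "\n".join(lines)


# Constructed sample values standing in for fields read from a package.
SAMPLE_LOCATION = "pkg/setup.py\x1b[31m:12"                  # 7-bit CSI (colour)
SAMPLE_MESSAGE = "suspicious call\x1b]0;constructed title\x07"  # OSC (window title)
SAMPLE_SNIPPET = "import base64\n\x9b31mexec(payload)"       # 8-bit CSI

if __name__ == "__main__":
    print(render_finding("constructed-rule", SAMPLE_LOCATION,
                         SAMPLE_MESSAGE, SAMPLE_SNIPPET))
```

The same escaping belongs on any path that writes package-derived strings to a TTY or log; machine-readable output such as JSON already escapes these bytes during serialization.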
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| guarddog (PyPI) | >= 2.6.0, <= 2.9.0 | — |