Moderate severityGHSA Advisory· Published May 11, 2026· Updated May 11, 2026

Gryph Agents Payload Filter Fails to Strip Tool Payload for Sensitive Content

CVE-2026-45046

Description

Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive file-write content remains in the stored payload as ContentPreview, OldString, or NewString at the default standard logging level and at full. This leads to logging of potentially sensitive file content in the local sqlite database, violating Gryphs sensitive file filter and log level contracts.

Impact

Potentially sensitive data accessed or written by coding agents may be logged to local sqlite database. Users of Gryph are affected ONLY if their local sqlite database is stolen or exported to remote system with the assumption that no sensitive data is logged.

Patches

Fixed in v0.7.0

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
github.com/safedep/gryphGo	< 0.7.0	0.7.0

Affected products

Safedep/GryphGHSA
Range: <= 0.6.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-f3jg-756w-gm35ghsaADVISORY
github.com/safedep/gryph/releases/tag/v0.7.0ghsaWEB
github.com/safedep/gryph/security/advisories/GHSA-f3jg-756w-gm35ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000