CVE-2026-44218
ciguard: Container image runs as root (no USER directive)
CVSS Score
3.0
EPSS Score
0.0%
EPSS Percentile
0th
ciguard is a static security auditor for CI/CD pipelines. From 0.1.0 to 0.8.1, the published ghcr.io/jo-jo98/ciguard container image inherits the default root user because the Dockerfile lacks a USER directive. This vulnerability is fixed in 0.8.2.
| CWE | CWE-269 |
| Vendor | jo-jo98 |
| Product | ciguard |
| Published | May 12, 2026 |
Stay Ahead of the Next One
Get instant alerts for jo-jo98 ciguard
Be the first to know when new low vulnerabilities affecting jo-jo98 ciguard are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Affected Versions
Jo-Jo98 / ciguard
>= 0.1.0, < 0.8.2