CVE-2026-44220
ciguard: discover_pipeline_files follows symlinks out of scan root
CVSS Score
3.2
EPSS Score
0.0%
EPSS Percentile
1th
ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 to 0.8.1 , the discover_pipeline_files() function in src/ciguard/discovery.py walks a directory tree following symlinks, with cycle protection via tracking visited resolved paths. An attacker who can plant a symlink in a directory the user (or AI agent) scans can cause discovery to walk into the symlink target and return paths to pipeline-shaped files outside the requested root. This vulnerability is fixed in 0.8.2.
| CWE | CWE-59 |
| Vendor | jo-jo98 |
| Product | ciguard |
| Published | May 12, 2026 |
| Last Updated | May 13, 2026 |
Stay Ahead of the Next One
Get instant alerts for jo-jo98 ciguard
Be the first to know when new low vulnerabilities affecting jo-jo98 ciguard are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None
Affected Versions
Jo-Jo98 / ciguard
>= 0.8.0, < 0.8.2