Path Traversal in Datadog GuardDog

CVE-2026-22871

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, a path traversal vulnerability exists in GuardDog's safe_extract() function that allows malicious PyPI packages to write arbitrary files outside the inten…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.002 (46.6th percentile)

Affected products

Weakness classification (CWE)

References