CVE-2026-44220— ciguard: discover_pipeline_files follows symlinks out of scan root
Possible ATT&CK Techniques 1AI
T1083 · File and Directory DiscoveryGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-44220
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ciguard: discover_pipeline_files follows symlinks out of scan root
Source: NVD (National Vulnerability Database)
Vulnerability Description
ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 to 0.8.1 , the discover_pipeline_files() function in src/ciguard/discovery.py walks a directory tree following symlinks, with cycle protection via tracking visited resolved paths. An attacker who can plant a symlink in a directory the user (or AI agent) scans can cause discovery to walk into the symlink target and return paths to pipeline-shaped files outside the requested root. This vulnerability is fixed in 0.8.2.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在文件访问前对链接解析不恰当(链接跟随)
Source: NVD (National Vulnerability Database)
Vulnerability Title
ciguard 后置链接漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ciguard是Johannes Moore个人开发者的一款CI/CD管道安全审计与可视化工具。 ciguard 0.8.0至0.8.1版本存在后置链接漏洞,该漏洞源于discover_pipeline_files()函数在遍历目录树时跟随符号链接,可能导致攻击者通过植入符号链接使发现过程返回根目录外的管道形状文件路径。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-44220
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-44220
请登录查看更多情报信息。
Advisory · 1
Same Patch Batch · Jo-Jo98 · 2026-05-12 · 3 CVEs total
| CVE-2026-44219 | 3.7 LOW | ciguard: SCA HTTP client reads response body without size cap |
| CVE-2026-44218 | 3.0 LOW | ciguard: Container image runs as root (no USER directive) |
IV. Related Vulnerabilities
Same weakness: CWE-59
- CVE-2025-71212
Trend Micro Apex One本地权限提升漏洞 - CVE-2026-44051
Arbitrary file read via attacker-controlled symlink creation - CVE-2026-42834
Windows Admin Center in Azure Portal Elevation of Privilege - CVE-2026-41091
Microsoft Defender Elevation of Privilege Vulnerability - CVE-2026-45539
Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agen
V. Comments for CVE-2026-44220
No comments yet