CVE-2026-44220: CWE-59: Improper Link Resolution Before File Access ('Link Following') in Jo-Jo98 ciguard
ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 to 0.8.1 , the discover_pipeline_files() function in src/ciguard/discovery.py walks a directory tree following symlinks, with cycle protection via tracking visited resolved paths. An attacker who can plant a symlink in a directory the user (or AI agent) scans can cause discovery to walk into the symlink target and return paths to pipeline-shaped files outside the requested root. This vulnerability is fixed in 0.8.2.
AI Analysis
Technical Summary
The vulnerability in Jo-Jo98's ciguard (versions 0.8.0 to 0.8.1) involves the discover_pipeline_files() function in src/ciguard/discovery.py, which walks directory trees following symlinks with cycle protection by tracking resolved paths. However, an attacker able to plant a symlink in a directory scanned by the user or an AI agent can cause the function to traverse into the symlink target, returning paths to pipeline-shaped files outside the requested root directory. This improper link resolution before file access (CWE-59) can lead to unintended file discovery. The issue is resolved in version 0.8.2.
Potential Impact
The vulnerability allows an attacker with the ability to place symlinks in scanned directories to cause ciguard to discover files outside the intended root directory. This could lead to information disclosure of pipeline-shaped files outside the scan scope. The CVSS score is 3.2 (low severity), reflecting limited impact with local attack vector, low complexity, requiring privileges and user interaction, and only partial confidentiality impact. There are no known exploits in the wild.
Mitigation Recommendations
This vulnerability is fixed in ciguard version 0.8.2. Users should upgrade to version 0.8.2 or later to remediate this issue. No other official remediation level or temporary fix is provided. Patch status is confirmed by the vendor's versioning information. Until upgraded, users should avoid scanning directories where untrusted users can create symlinks.
CVE-2026-44220: CWE-59: Improper Link Resolution Before File Access ('Link Following') in Jo-Jo98 ciguard
Description
ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 to 0.8.1 , the discover_pipeline_files() function in src/ciguard/discovery.py walks a directory tree following symlinks, with cycle protection via tracking visited resolved paths. An attacker who can plant a symlink in a directory the user (or AI agent) scans can cause discovery to walk into the symlink target and return paths to pipeline-shaped files outside the requested root. This vulnerability is fixed in 0.8.2.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in Jo-Jo98's ciguard (versions 0.8.0 to 0.8.1) involves the discover_pipeline_files() function in src/ciguard/discovery.py, which walks directory trees following symlinks with cycle protection by tracking resolved paths. However, an attacker able to plant a symlink in a directory scanned by the user or an AI agent can cause the function to traverse into the symlink target, returning paths to pipeline-shaped files outside the requested root directory. This improper link resolution before file access (CWE-59) can lead to unintended file discovery. The issue is resolved in version 0.8.2.
Potential Impact
The vulnerability allows an attacker with the ability to place symlinks in scanned directories to cause ciguard to discover files outside the intended root directory. This could lead to information disclosure of pipeline-shaped files outside the scan scope. The CVSS score is 3.2 (low severity), reflecting limited impact with local attack vector, low complexity, requiring privileges and user interaction, and only partial confidentiality impact. There are no known exploits in the wild.
Mitigation Recommendations
This vulnerability is fixed in ciguard version 0.8.2. Users should upgrade to version 0.8.2 or later to remediate this issue. No other official remediation level or temporary fix is provided. Patch status is confirmed by the vendor's versioning information. Until upgraded, users should avoid scanning directories where untrusted users can create symlinks.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-05T15:42:40.517Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a038bd7cbff5d861016495d
Added to database: 5/12/2026, 8:21:43 PM
Last enriched: 5/12/2026, 8:39:18 PM
Last updated: 5/13/2026, 4:49:16 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.