Cyber Resilience

CVE-2026-22870

Severity: High · Public PoC

Published: 13 January 2026
Modified: 21 January 2026
KEV Added: not listed
Patch: GuardDog 2.7.1
CVSS Score (v4): 7.1
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0004 (11.8th percentile)
Risk Priority: 14 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-22870 is a high-severity Data Amplification (CWE-409) vulnerability in Datadoghq Guarddog. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 11.8th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).

Deeper analysis

CVE-2026-22870 is a denial-of-service vulnerability in GuardDog, a CLI tool designed to identify malicious PyPI packages. In versions prior to 2.7.1, the safe_extract() function does not validate decompressed file sizes when extracting ZIP archives, such as Python wheels and eggs. This flaw, classified under CWE-409 (Data Amplification), allows attackers to craft zip bombs that expand a few megabytes of compressed data into gigabytes of disk space, exhausting storage resources. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Any attacker can exploit this vulnerability remotely by publishing a malicious PyPI package containing a zip bomb. Security practitioners or developers who scan untrusted packages with a vulnerable GuardDog instance trigger the extraction process, leading to rapid disk space consumption and potential denial of service on the scanning host. No user interaction, privileges, or special access is required, making the flaw reachable over the network with low attack complexity.

The vulnerability is addressed in GuardDog version 2.7.1. Official mitigation details are available in the GitHub security advisory at https://github.com/DataDog/guarddog/security/advisories/GHSA-ffj4-jq7m-9g6v and the fixing commit at https://github.com/DataDog/guarddog/commit/c3fb07b4838945f42497e78b7a02bcfb1e63969b. Users should upgrade to 2.7.1 or later to prevent exploitation.
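As an added, defender-side illustration (not GuardDog's code and not the fix from the commit linked above), the following Python sketch shows the class of check the advisory describes as missing: validating declared decompressed sizes and compression ratios from the ZIP central directory before extraction, with a second cap on bytes actually written. The limits, function names and the constructed sample archive are hypothetical.

```python
import io
import tempfile
import zipfile
from pathlib import Path

MAX_TOTAL_BYTES, MAX_ENTRY_BYTES, MAX_RATIO = 64 << 20, 16 << 20, 100  # illustrative, not GuardDog's

class ArchiveTooLarge(ValueError):
    """Archive exceeds the decompression budget."""

def check_zip_budget(zf: zipfile.ZipFile) -> int:
    """Validate central-directory sizes before anything is written to disk."""
    total = 0
    for info in zf.infolist():
        if info.file_size > MAX_ENTRY_BYTES:
            raise ArchiveTooLarge(f"{info.filename}: declares {info.file_size} bytes")
        if info.compress_size and info.file_size > MAX_RATIO * info.compress_size:
            raise ArchiveTooLarge(f"{info.filename}: ratio exceeds {MAX_RATIO}:1")
        total += info.file_size
        if total > MAX_TOTAL_BYTES:
            raise ArchiveTooLarge(f"archive declares more than {MAX_TOTAL_BYTES} bytes")
    return total

def bounded_extract(zip_bytes: bytes, dest: Path) -> int:
    """Extract with the budget enforced on declared sizes and, as a second layer, on bytes produced."""
    written = 0
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        check_zip_budget(zf)
        for info in [i for i in zf.infolist() if not i.is_dir()]:
            target = dest / info.filename
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                while chunk := src.read(64 * 1024):
                    written += len(chunk)
                    if written > MAX_TOTAL_BYTES:
                        raise ArchiveTooLarge("actual output exceeded budget")
                    dst.write(chunk)
    return written

def scan_constructed(payload: bytes):
    """Test helper: wrap a constructed payload as a one-member deflated archive (stand-in for a wheel) and scan it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("pkg/data.bin", payload)
    with tempfile.TemporaryDirectory() as tmp:
        try:
            return True, bounded_extract(buf.getvalue(), Path(tmp))
        except ArchiveTooLarge as exc:
            return False, str(exc)
```

The metadata pass rejects a highly compressible member before any disk is consumed, while the streaming counter bounds the worst case if the declared sizes are not trustworthy.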

EU & UK References

Vulnerability details

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safe_extract() function does not validate decompressed file sizes when extracting ZIP archives (wheels, eggs), allowing attackers to cause denial of service through zip bombs. A malicious package can consume gigabytes of disk space from a few megabytes of compressed data. This vulnerability is fixed in 2.7.1.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Vulnerability enables remote DoS via crafted zip bomb (resource exhaustion on extraction) directly matching application exploitation for endpoint denial of service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-22871: same product (Datadoghq Guarddog)
CVE-2024-7765: shared CWE-409
CVE-2026-22776: shared CWE-409
CVE-2026-43970: shared CWE-409
CVE-2026-1526: shared CWE-409
CVE-2026-21441: shared CWE-409
CVE-2026-28435: shared CWE-409
CVE-2026-40036: shared CWE-409
CVE-2026-27809: shared CWE-409
CVE-2025-69223: shared CWE-409

Affected Assets

datadoghq
guarddog
≤ 2.7.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

SC-5 (prevent): employs denial-of-service protection mechanisms that directly counter resource exhaustion from zip bombs during ZIP extraction in GuardDog.

SC-6 (prevent): restricts resource allocation and enforces consumption limits on storage, preventing disk space exhaustion from decompressed malicious archives.

SI-10 (prevent): mandates validation of information inputs such as decompressed file sizes in ZIP archives, blocking zip bomb exploitation in GuardDog's safe_extract().

References