Cyber Resilience

CVE-2026-44972

Medium

Published: 27 May 2026

Published
27 May 2026
Modified
29 May 2026
KEV Added
Patch
CVSS Score v3.1 5.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score 0.0011 1.7th percentile
Risk Priority 35 floored blend · peak EPSS

Summary

CVE-2026-44972 is a medium-severity Improper Encoding or Escaping of Output (CWE-116) vulnerability. Its CVSS base score is 5.0 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Hide Artifacts (T1564); ranked at the 1.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject…

more

ANSI or OSC escape sequences into analyst terminals or CI logs.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1564 Hide Artifacts Stealth
Adversaries may attempt to hide artifacts associated with their behaviors to evade detection.
T1685 Disable or Modify Tools Defense Impairment
Adversaries may disable, degrade, or tamper with security tools or applications (e.
Why these techniques?

Terminal escape injection in security tool output directly enables hiding artifacts in logs/terminals and impairing defensive analysis of malicious packages.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

Affected Assets

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-116

Validating that output matches expected content directly mitigates failures to properly encode or escape data for its destination context.

References