Static Security Auditor Vulnerability in Ciguard by Jo-Jo98
CVE-2026-44218

3 LOW

Key Information:

Vendor: Jo-jo98

Status
Vendor
CVE Published: 12 May 2026

What is CVE-2026-44218?

Ciguard, a static security auditor for CI/CD pipelines, is affected by a privilege escalation vulnerability due to the Dockerfile's omission of a USER directive. This causes the container image to run with root privileges, potentially exposing systems to significant risk. Users are advised to upgrade to version 0.8.2, where this issue has been addressed. For further details, visit the official advisory at GitHub.
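The check below is an added example, not code from ciguard or its advisory: it reports whether the final stage of a Dockerfile ends up with a non-root USER, which is the condition the advisory describes as missing. The function names and both sample Dockerfiles are constructed for illustration.

```python
ROOT_IDS = {"root", "0"}

def instructions(text):
    """Yield Dockerfile instructions: comments dropped, '\\' continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield (buf + line).strip()
        buf = ""

def final_stage_user(text):
    """Return the last USER value set in the final build stage, or None."""
    user = None
    for ins in instructions(text):
        parts = ins.split(None, 1)
        keyword, arg = parts[0].upper(), (parts[1] if len(parts) > 1 else "")
        if keyword == "FROM":
            # Conservative assumption: a USER inherited from the base image
            # or from a named earlier stage is not visible here, so reset.
            user = None
        elif keyword == "USER" and arg:
            user = arg.split()[0]
    return user

def audit(text):
    """Return an 'OK: ...' or 'FAIL: ...' verdict for one Dockerfile."""
    user = final_stage_user(text)
    if user is None:
        return "FAIL: no USER in final stage (base image default, usually root)"
    if user.split(":")[0] in ROOT_IDS:
        return f"FAIL: final stage USER is {user}"
    return f"OK: final stage runs as {user}"

# Constructed samples: BEFORE sets USER only in the build stage.
BEFORE = """\
FROM python:3.12-slim AS build
RUN pip wheel --wheel-dir /wheels example-tool
USER nobody
FROM python:3.12-slim
COPY --from=build /wheels /wheels
ENTRYPOINT ["example-tool"]
"""
AFTER = BEFORE.replace(
    "ENTRYPOINT", "RUN useradd --system --uid 10001 app\nUSER 10001:10001\nENTRYPOINT")

if __name__ == "__main__":
    print(audit(BEFORE)); print(audit(AFTER))
```

A numeric UID in the USER line lets orchestrator policies that require a non-root UID verify it without resolving a user name inside the image.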

Affected Version(s)

ciguard >= 0.1.0, < 0.8.2

CVSS V3.1

Score: 3
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
