Memory Exhaustion Risk in Ciguard Static Security Auditor by Jo-Jo98
CVE-2026-44219

3.7 LOW

Key Information:

Vendor

Jo-jo98

Status
Vendor
CVE Published:
12 May 2026

What is CVE-2026-44219?

The Ciguard static security auditor, versions 0.6.0 to 0.8.1, is susceptible to memory exhaustion because its SCA HTTP clients handle JSON responses without a size bound. An attacker could exploit this weakness by serving a compromised response large enough to exceed the available memory, potentially crashing the process. The vulnerability primarily affects the availability of the Ciguard process during CI/CD pipeline security audits. The issue has been addressed in version 0.8.2.
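The class of weakness described above, shown beside a bounded reader, as an added example that is not Ciguard's code or its 0.8.2 fix. The function names, the 1 MiB cap and the use of Python are assumptions made for illustration.

```python
import io
import json

MAX_BODY_BYTES = 1024 * 1024  # assumed cap; not a value taken from the advisory
CHUNK = 64 * 1024

class ResponseTooLarge(Exception):
    """Raised when a response body exceeds the configured cap."""

def read_json_unbounded(stream):
    # Risky pattern: buffer whatever the peer sends, then parse it.
    return json.loads(stream.read())

def read_json_bounded(stream, content_length=None, limit=MAX_BODY_BYTES):
    # Reject early when the peer declares an oversized body.
    if content_length is not None and content_length > limit:
        raise ResponseTooLarge(f"declared {content_length} bytes > {limit}")
    buf = bytearray()
    # Content-Length can be absent or wrong, so count the bytes that arrive.
    while True:
        chunk = stream.read(min(CHUNK, limit + 1 - len(buf)))
        if not chunk:
            break
        buf += chunk
        if len(buf) > limit:
            raise ResponseTooLarge(f"body exceeded {limit} bytes")
    return json.loads(buf)

def demo():
    # Constructed sample bodies standing in for an SCA service response.
    small = json.dumps({"vulns": []}).encode()
    huge = b'{"pad":"' + b"A" * (2 * MAX_BODY_BYTES) + b'"}'
    ok = read_json_bounded(io.BytesIO(small), content_length=len(small))
    try:
        read_json_bounded(io.BytesIO(huge))  # no Content-Length supplied
        rejected = False
    except ResponseTooLarge:
        rejected = True
    return ok, rejected

if __name__ == "__main__":
    print(demo())
```

With a real HTTP client the same loop applies to a streamed response body, so the cap is enforced before the full payload is ever held in memory.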

Affected Version(s)

ciguard >= 0.6.0, < 0.8.2

References

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
