Sensitive Data Exposure in Gryph Security Layer for AI Coding Agents
CVE-2026-45046

5.5MEDIUM

Key Information:

Vendor: Safedep
Status: Gryph
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-45046?

Gryph, a security layer for AI coding agents, has a vulnerability that allows sensitive file content to be logged in a local sqlite database due to improper logging configurations. Although the documentation indicates a minimal default logging level, it actually utilizes a standard level, which records sensitive information in its payload. This flaw can lead to unauthorized access to potentially sensitive data, violating Gryph's security protocols. The issue has been resolved in version 0.7.0, highlighting the importance of keeping software up to date to mitigate such risks.

Affected Version(s)

gryph < 0.7.0

References

https://github.com/safedep/gryph/security/advisories/GHSA...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
May 8, 2026

CVE-2026-45046 Data

JSON

Safedep

What is CVE-2026-45046?

Affected Version(s)

References

CVSS V3.1

Timeline