CVE-2026-44218: ciguard: Container image runs as root (no USER directive)

May 5, 2026

The published ghcr.io/jo-jo98/ciguard container image inherits the default root user because the Dockerfile lacks a USER directive. ciguard is a static analyser with no need for root privileges; running as root inside a container makes any future container-runtime escape CVE more impactful than it needs to be.

References

github.com/Jo-Jo98/ciguard
github.com/Jo-Jo98/ciguard/releases/tag/v0.8.2
github.com/Jo-Jo98/ciguard/releases/tag/v0.8.3
github.com/Jo-Jo98/ciguard/security/advisories/GHSA-jrm4-4pcf-4763
github.com/advisories/GHSA-jrm4-4pcf-4763
nvd.nist.gov/vuln/detail/CVE-2026-44218

Code Behaviors & Features

Detect and mitigate CVE-2026-44218 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →