AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-45046: Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine wha

mediumvulnerability

securityprivacy

Source: NVD/CVE DatabaseMay 27, 2026CVE-2026-45046

Summary

Gryph is a security tool that protects AI coding agents (software that writes code with AI help) by controlling what information gets saved to a local database. Before version 0.7.0, Gryph's documentation incorrectly stated that logging (recording activity) was set to a minimal level by default, but it was actually set to standard, causing sensitive file content to be stored in the database even though Gryph was supposed to filter it out.

Solution / Mitigation

This vulnerability is fixed in version 0.7.0.

Vulnerability Details

CVSS Score

5.5(medium)

EPSS (30-day exploit probability)

EPSS: 0.0%

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

local

Attack Complexity

low

Privileges Required

low

User Interaction

none

Disclosure Date

May 27, 2026

Classification

Attack Type

PII Leakage

Attack SophisticationTrivial

Impact (CIA+S)

confidentiality

AI Component TargetedAgent

Taxonomy References

CWE (Weakness Type)

CWE-212

Affected Vendors

Related Issues

medium

CVE-2026-2589: The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure

Similar attackNVD/CVE Database

high

GHSA-4jpm-cgx2-8h37: Flowise: Sensitive Data Leak in public-chatbotConfig

Similar attack

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-45046

First tracked: May 28, 2026 at 02:08 AM

Classified by LLM (prompt v3) · confidence: 92%