GHSA-8cxw-cc62-q28v: ciguard: discover_pipeline_files follows symlinks out of scan root
Summary
The `discover_pipeline_files()` function in ciguard (a tool used by AI agents to scan code repositories) followed symlinks (filesystem links that point to other files or directories) without proper restrictions, allowing an attacker to trick it into reading sensitive files outside the intended scan directory. An AI agent scanning a malicious folder with planted symlinks could unknowingly expose secrets from locations outside the repository, such as ~/.aws/ or /etc/.
Solution / Mitigation
Fixed in v0.8.2 and v0.8.3. The patch adds a new `follow_symlinks: bool = False` parameter to `discover_pipeline_files()` that refuses to descend into symlinked directories or files by default. Additionally, all results are filtered to verify their resolved paths lie under the requested root directory, even if callers enable symlink following.
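As an added illustration of the two controls the fix describes (this is not ciguard's own code), a discovery routine that refuses symlinked directories and files unless `follow_symlinks=True`, and that still filters every hit by its resolved path regardless of that flag. The pipeline-file names, the helper names and the constructed directory layout in `build_demo_tree()` are assumptions for the demo.

```python
import os
import tempfile
from pathlib import Path

# Assumed pipeline-file names; ciguard's real pattern list is not on the page.
PIPELINE_NAMES = {".gitlab-ci.yml", "Jenkinsfile", "azure-pipelines.yml"}
WORKFLOW_DIR = Path(".github") / "workflows"


def _is_under(path: Path, root: Path) -> bool:
    """True only if the fully resolved path lies inside the already-resolved root."""
    try:
        path.resolve(strict=True).relative_to(root)
        return True
    except (ValueError, OSError):  # escapes root, or a dangling link
        return False


def discover_pipeline_files(root, follow_symlinks: bool = False) -> list[Path]:
    root = Path(root).resolve(strict=True)
    found = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=follow_symlinks):
        dirpath = Path(dirpath)
        if not follow_symlinks:
            # os.walk lists symlinked dirs even with followlinks=False; prune them here.
            dirnames[:] = [d for d in dirnames if not (dirpath / d).is_symlink()]
        for name in filenames:
            candidate = dirpath / name
            if not follow_symlinks and candidate.is_symlink():
                continue  # symlinked file: skipped by default
            in_workflows = dirpath.relative_to(root) == WORKFLOW_DIR and name.endswith((".yml", ".yaml"))
            # Containment check runs even when the caller enabled symlink following.
            if (name in PIPELINE_NAMES or in_workflows) and _is_under(candidate, root):
                found.append(candidate)
    return sorted(found)


def build_demo_tree() -> Path:
    """Constructed layout: a repo with two real pipeline files plus symlinks that
    point at a pipeline-named file outside the repo. Returns the repo root."""
    base = Path(tempfile.mkdtemp()).resolve()
    outside = base / "outside"
    outside.mkdir()
    (outside / ".gitlab-ci.yml").write_text("secret: planted-outside\n")
    repo = base / "repo"
    (repo / WORKFLOW_DIR).mkdir(parents=True)
    (repo / ".gitlab-ci.yml").write_text("stages: [test]\n")
    (repo / WORKFLOW_DIR / "ci.yml").write_text("on: push\n")
    os.symlink(outside / ".gitlab-ci.yml", repo / WORKFLOW_DIR / "leak.yml")
    os.symlink(outside, repo / "vendor")  # symlinked directory escaping the root
    return repo
```

Scanning the demo tree yields only the two files that really live under the repo in both modes: with the default the symlinks are never followed, and with `follow_symlinks=True` they are followed but dropped by the containment check.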
Vulnerability Details
EPSS: 0.0%
May 5, 2026
Original source: https://github.com/advisories/GHSA-8cxw-cc62-q28v
First tracked: May 5, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 85%