{"id":"CVE-2026-44219","summary":"ciguard: SCA HTTP client reads response body without size cap","details":"ciguard is a static security auditor for CI/CD pipelines. From 0.6.0 to 0.8.1, both SCA HTTP clients (src/ciguard/analyzer/sca/osv.py and src/ciguard/analyzer/sca/endoflife.py) call payload = json.loads(resp.read().decode('utf-8')) without a maximum-bytes cap. A hostile or compromised endoflife.date / OSV.dev (or a successful TLS MITM) could return a multi-GB response, exhausting the ciguard process's memory. This vulnerability is fixed in 0.8.2.","aliases":["GHSA-xw8c-rrvx-f7xq","PYSEC-2026-2410"],"modified":"2026-07-15T01:49:12.614700299Z","published":"2026-05-12T19:40:28.848Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44219.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-770"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44219.json"},{"type":"ADVISORY","url":"https://github.com/Jo-Jo98/ciguard/security/advisories/GHSA-xw8c-rrvx-f7xq"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44219"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jo-jo98/ciguard","events":[{"introduced":"d42195e10be0d7d9bfb4ec45fecfb83521d3fc67"},{"fixed":"477c69aca38634bc56bf958e4ab4891cb0da92db"}],"database_specific":{"source":"AFFECTED_FIELD","extracted_events":[{"introduced":"0.6.0"},{"fixed":"0.8.2"}]}}],"versions":["v0.8.1","v0.8.0","v0.7.0","v0.6.1","v0.6.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44219.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}]}