CVE-2026-45046
Gryph Agents Payload Filter Fails to Strip Tool Payload for Sensitive Content
描述
Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive `file-write` content remains in the stored `payload` as `ContentPreview`, `OldString`, or `NewString` at the default `standard` logging level and at `full`. This leads to logging of potentially sensitive file content in the local sqlite database, violating Gryphs sensitive file filter and log level contracts. ### Impact Potentially sensitive data accessed or written by coding agents may be logged to local sqlite database. Users of Gryph are affected ONLY if their local sqlite database is stolen or exported to remote system with the assumption that no sensitive data is logged. ### Patches Fixed in v0.7.0
如何修補 CVE-2026-45046
要修補 CVE-2026-45046,請將受影響套件升級到下列已修補版本。
- —升級至 0.7.0 或更新版本
CVE-2026-45046 正在被利用嗎?
低 — EPSS 為 0.0%,目前沒有觀察到大規模利用活動。
受影響套件(1)
- from 0, < 0.7.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |