Ctrl + K
/ news / CVE
CVEPublished 2026-05-27Modified 2026-06-010 articles on news6 live referencesNVD data

CVE-2026-45046

Vulnerability data via NVD (ingested)

CVSS v3.1
5.5
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS percentile
Weaknesses (CWE)
CWE-212Improper Removal of Sensitive Information Before Storage or Transfer
Description

Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive file-write content remains in the stored payload as ContentPreview, OldString, or NewString at the default standard logging level and at full. This leads to logging of potentially sensitive file content in the local sqlite database, violating Gryphs sensitive file filter and log level contracts. This vulnerability is fixed in 0.7.0.

Timeline
Published 2026-05-27
Modified 2026-06-01

External references

NVDMITREExploit-DBGitHub PoCSploitusVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2026-45046
Hosts Shodan has explicitly fingerprinted as vulnerable.
More intel sources (5)
Shodan report
vuln:CVE-2026-45046
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-45046
Censys host search filtered to this CVE id.
grep.app
CVE-2026-45046
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-45046
GitHub code search for direct mentions.
Google dork
"CVE-2026-45046" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (8)

CVE-2026-450468 repos
jekil/awesome-hackingPython
Awesome hacking is an awesome collection of hacking tools.
★ 3,851·updated 3w ago
GhostTroops/TOPShell
TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things
★ 730·updated today
Ostorlab/KEVunknown
Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.
★ 612·updated 2mo ago
Qualys/log4jscanwinC
Log4j Vulnerability Scanner for Windows
★ 159·updated 6mo ago
orcasecurity/orca-skillsunknown
Skills and plugins to accelerate security workflows with the Orca Cloud Platform
★ 44·updated 4d ago
Qualys/log4jscanlinuxShell
★ 37·updated 6mo ago
phax/phoss-directoryJava
The official Peppol Directory software
★ 29·updated 5d ago
rmdes/stargazerPython
Auto-sorting CLI for GitHub starred repos — classify 5000+ stars into taxonomy using Claude AI, publish to GitHub Lists and awesome-list README
★ 6·updated 3mo ago
We haven't classified any articles referencing CVE-2026-45046 yet. The external references above still apply.