Improper Restriction of Rendered UI Layers or Frames Affecting ciguard package, versions [,0.8.2)


Severity: low (Recommended score: 0.0 on a scale of 0 to 10)

CVSS assessment by Snyk's Security Team.

  • Snyk ID: SNYK-PYTHON-CIGUARD-16428629
  • Published: 6 May 2026
  • Disclosed: 5 May 2026
  • Credit: Unknown

Introduced: 5 May 2026

CVE: NOT AVAILABLE
CWE: CWE-1021

How to fix?

Upgrade ciguard to version 0.8.2 or higher.

Overview

ciguard is a static security auditor for CI/CD pipelines — now with a Model Context Protocol server (pip install 'ciguard[mcp]') exposing scan / scan_repo / explain_rule / diff_baseline / list_rules to Claude Desktop / Claude Code / Cursor. Plus .ciguardignore rationale-required suppression, baseline / delta reports, EOL-aware image checks, GitHub Actions CVE lookups across GitLab CI, GitHub Actions, and Jenkins Pipelines. Pre-commit hook + CIGUARD_MCP_DISABLED enterprise gate.

Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames due to missing HTTP security headers in the web interface. An attacker can compromise the integrity of the web application by exploiting the absence of headers such as Content-Security-Policy, X-Frame-Options, and Sub-Resource-Integrity, potentially enabling attacks like clickjacking or injection of malicious scripts when a user interacts with the web UI.
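To check whether a web UI response carries the protections named above, the following added example (not ciguard's own code, and not part of the original advisory) audits one response for a Content-Security-Policy, a framing restriction, and Subresource Integrity, which is enforced through the `integrity` attribute on markup rather than a response header. The function names, the `cdn.example` host and both sample responses are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class _ExternalAssets(HTMLParser):
    """Collect cross-origin <script src> / <link href> tags lacking integrity=."""

    def __init__(self):
        super().__init__()
        self.missing_sri = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = a.get("src") if tag == "script" else a.get("href") if tag == "link" else None
        # A URL with a network location is fetched from another host (CDN etc.).
        if url and urlparse(url).netloc and not a.get("integrity"):
            self.missing_sri.append(url)


def audit_response(headers, body):
    """Return a list of findings for one HTTP response (headers dict + HTML body)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    csp = h.get("content-security-policy", "")
    if not csp:
        findings.append("missing Content-Security-Policy")
    xfo = h.get("x-frame-options", "").strip().upper()
    # Framing is restricted by X-Frame-Options or by CSP frame-ancestors.
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp.lower():
        findings.append("framing not restricted (clickjacking)")
    parser = _ExternalAssets()
    parser.feed(body)
    findings += [f"no SRI on external asset: {u}" for u in parser.missing_sri]
    return findings


# Constructed sample responses (not captured from ciguard).
BARE = ({"Content-Type": "text/html"},
        '<script src="https://cdn.example/app.js"></script>')
HARDENED = ({"Content-Type": "text/html",
             "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
             "X-Frame-Options": "DENY"},
            '<script src="https://cdn.example/app.js" integrity="sha384-PLACEHOLDER"'
            ' crossorigin="anonymous"></script><script src="/static/ui.js"></script>')

if __name__ == "__main__":
    for name, (hdrs, html) in (("bare", BARE), ("hardened", HARDENED)):
        print(name, audit_response(hdrs, html))
```

The check only confirms that an `integrity` attribute is present; the browser is what verifies the hash, so the placeholder value must be replaced with the real digest of the served file.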

CVSS Base Scores

version 4.0
version 3.1