Security advisory, May 2026
This advisory summarises three packaging incidents on the public SDK distribution channels during May 2026, what was affected, what was done, and what every user should do.
None of the issues affected the runtime behaviour of the policy engine, the audit trail, or any deployed Control Zero service. All three were issues with what was packaged into the published SDK artifact.
Affected versions
| Channel | Affected versions | Status |
|---|---|---|
| PyPI, controlzero | 1.5.0, 1.5.5 | Yanked. Use >=1.5.7. |
| Go proxy, controlzero.ai/sdk/go | v1.7.0 through v1.7.4 | Retracted. Use >=v1.7.5. |
| npm, @controlzero/sdk | 1.9.0 | Block in progress. Use <=1.8.x or wait for 1.9.2. |
What happened
PyPI 1.5.0 and 1.5.5
Two Python SDK releases shipped with inline source comments and string fixtures referencing customer names from internal triage notes. The runtime did not transmit this data anywhere. The exposure was limited to anyone who read the package source.
Fix: the offending strings and comments were scrubbed; the wheels were yanked from PyPI; 1.5.7 was published as the clean successor.
Go v1.7.0 through v1.7.4
A subset of Go SDK tags shipped the same customer-name string fixtures that were found in the Python wheels, plus a realistic-looking API key example used in test scaffolding. Because the Go module proxy serves immutable cached zips, a published tag cannot be edited in place; the only safe path is to retract the affected tags and republish a clean version.
Fix: every tag from v1.7.0 through v1.7.4 was retracted in the module file; v1.7.5 is the clean successor.
npm @controlzero/sdk@1.9.0
The 1.9.0 tarball contained a single customer-name reference inside a CHANGELOG entry that was bundled into the package. Attempts to unpublish or override are currently blocked by the registry pending a support response. A clean 1.9.2 is queued and will publish once the registry block is resolved.
In the meantime, the 1.8.x line on npm is unaffected and remains the recommended pin.
What we did
- Scrubbed every offending file from the source tree.
- Added an IP scrub gate to the pre-push wrapper. Before any commit can be pushed, the gate scans the contents of every artifact to be published for customer names, realistic-looking key fixtures, and internal hostnames.
- Republished a clean version on each channel where republication is possible.
- Filed a registry support ticket where republication is not possible.
- Added a parity test for the scrub gate across Python, Node, and Go release scripts so a clean release cannot regress.
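The scrub gate described above, sketched as an added example rather than Control Zero's own release tooling: it walks the files destined for an artifact and reports denylisted customer names, realistic-looking key assignments, and internal hostnames. The denylist, the internal DNS suffixes, the key-assignment pattern and the sample file are constructed assumptions.

```python
"""Pre-publish scrub gate (added example, not Control Zero's own tooling; names/suffixes are constructed)."""
import math
import re
import sys
from collections import Counter
from pathlib import Path

CUSTOMER_DENYLIST = ["Acme Holdings", "Globex"]                # constructed; keep the real list outside the repo
INTERNAL_SUFFIXES = (".corp.internal", ".svc.cluster.local")  # assumed internal DNS zones
KEY_ASSIGN = re.compile(r"(?i)(api[_-]?key|secret|token)\s*[:=]\s*['\"]([A-Za-z0-9_\-]{24,})['\"]")
HOSTNAME = re.compile(r"\b[a-z0-9][a-z0-9.-]*(" + "|".join(map(re.escape, INTERNAL_SUFFIXES)) + r")\b")

def shannon_entropy(s: str) -> float:
    """Bits per character: 'xxxx...' placeholders score 0, realistic key material scores high."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def scan_text(path: str, text: str) -> list:
    """Return (path, line_no, category, match) for every hit in one file's text."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for name in CUSTOMER_DENYLIST:
            if name.lower() in line.lower():
                findings.append((path, no, "customer-name", name))
        for m in KEY_ASSIGN.finditer(line):
            if shannon_entropy(m.group(2)) > 3.5:  # low-entropy placeholders are fine to ship
                findings.append((path, no, "key-fixture", m.group(2)))
        for m in HOSTNAME.finditer(line):
            findings.append((path, no, "internal-hostname", m.group(0)))
    return findings

def scan_tree(root: Path, exts=(".py", ".go", ".js", ".ts", ".md", ".json")) -> list:
    """Gate entry point: scan every file that would be packaged; any hit should fail the push."""
    out = []
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix in exts:
            out.extend(scan_text(str(p.relative_to(root)), p.read_text(errors="replace")))
    return out

# Constructed sample in the shape of the CHANGELOG/test content the advisory describes.
SAMPLE = ("Fixed timeout reported by Acme Holdings\n"
          'api_key = "Ab3dEf6hIj9kLm2nOp5qRs8tUv1wXy4z"\n'
          'token = "xxxxxxxxxxxxxxxxxxxxxxxxxxxx"\n'
          "connect to triage-db.corp.internal\n")

if __name__ == "__main__":
    hits = scan_tree(Path(sys.argv[1])) if len(sys.argv) > 1 else scan_text("CHANGELOG.md", SAMPLE)
    for hit in hits:
        print("%s:%d [%s] %s" % hit)
    sys.exit(1 if hits else 0)
```

Run it with a directory argument to scan a staged release tree; with no argument it scans the constructed sample and exits non-zero because all three classes are present.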
What you should do
- If you are on Python controlzero 1.5.0 or 1.5.5: upgrade.
  `pip install -U "controlzero>=1.5.7"`
- If you are on Go SDK v1.7.0 through v1.7.4: upgrade.
  `go get controlzero.ai/sdk/go@v1.7.5`
  `go mod tidy`
  If your build pins one of the retracted tags, the Go toolchain will warn you on the next `go mod tidy`. Re-pin to >=v1.7.5.
- If you are on npm @controlzero/sdk@1.9.0: downgrade to the 1.8.x line, or wait for 1.9.2.
  `npm install @controlzero/sdk@1.8`
  We will publish a follow-up note here when 1.9.2 ships.
- If you are on any other version: no action needed.
Reporting future issues
If you find anything in a published artifact that looks like it should not be there, including customer references, realistic-looking credentials, or internal hostnames, please report it privately to security@controlzero.ai. See the security policy for the full disclosure flow.