CVE-2026-48544 in taipyinfo

Zusammenfassung

von MITRE • 27.05.2026

Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.get_resource() method in taipy/gui/extension/library.py that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check using str.startswith() without a trailing path separator. Attackers can send crafted GET requests with path traversal segments targeting a prefix-matching sibling directory on disk, bypassing the directory containment check because Flask's path converter and Werkzeug's WSGI layer preserve the traversal segments while the resolved path still satisfies the flawed startswith comparison, enabling unauthorized file access outside the intended library directory.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

VulnCheck

Reservieren

21.05.2026

Veröffentlichung

27.05.2026

Moderieren

akzeptiert

Eintrag

VDB-366365

CPE

bereit

CWE

CWE-22 (bestätigt)

CVSS

7.5 (CNA)

EPSS

0.00235

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-48544
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-48544
CVE Details	https://www.cvedetails.com/cve/CVE-2026-48544/

◂ Zurück Übersicht Weiter ▸

Want to know what is going to be exploited?

We predict KEV entries!