CVE-2026-45554 in niceguiinformation

Résumé

par MITRE • 02/06/2026

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside Starlette's FileResponse, which Uvicorn writes to the server log as a full traceback. Because the routes are reachable without authentication, a remote attacker can amplify log volume and consume disk and log-pipeline capacity on any publicly reachable NiceGUI server. This issue has been patched in version 3.12.0.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

GitHub M

Réserver

12/05/2026

Divulgation

02/06/2026

Modérer

accepté

Entrée

VDB-367965

CPE

prêt

CWE

CWE-248 (confirmé)

CVSS

5.3 (CNA)

EPSS

0.00182

KEV

non

Activités

très faible

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-45554
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-45554
CVE Details	https://www.cvedetails.com/cve/CVE-2026-45554/

◂ Précédent Aperçu Suivant ▸

Might our Artificial Intelligence support you?

Check our Alexa App!