CVE-2026-48544

EPSS 0.41%
Veröffentlicht 27.05.2026 15:16:30
Zuletzt bearbeitet 28.05.2026 17:16:33
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

Taipy 4.1.1 Path Traversal via ElementLibrary.get_resource()

Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.get_resource() method in taipy/gui/extension/library.py that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check using str.startswith() without a trailing path separator. Attackers can send crafted GET requests with path traversal segments targeting a prefix-matching sibling directory on disk, bypassing the directory containment check because Flask's path converter and Werkzeug's WSGI layer preserve the traversal segments while the resolved path still satisfies the flawed startswith comparison, enabling unauthorized file access outside the intended library directory.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerAvaiga

≫

Produkt taipy

Default Statusaffected

Version <= 4.1.1

Version 0

Status affected

Version 129fd407ffca49ee4ab853772c88d0c873e038dd

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.41%	0.324

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	8.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
disclosure@vulncheck.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://github.com/Avaiga/taipy/commit/129fd407ffca49ee4ab853772c88d0c873e038dd

https://github.com/Avaiga/taipy/issues/2868

https://github.com/Avaiga/taipy/pull/2871

https://www.vulncheck.com/advisories/taipy-path-traversal-via-elementlibrary-get-resource

https://nvd.nist.gov/vuln/detail/CVE-2026-48544

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-48544

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-48544

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-48544