CVE-2026-48544

CVE Database · CVE-2026-48544

CVE-2026-48544

· HIGHDeferred

CVSS v3.1

7.5

CVSS v4.0

8.7

EPSS

0.41%

Published

May 27, 2026

Modified

May 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.get_resource() method in taipy/gui/extension/library.py that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check using str.startswith() without a trailing path separator. Attackers can send crafted GET requests with path traversal segments targeting a prefix-matching sibling directory on disk, bypassing the directory containment check because Flask's path converter and Werkzeug's WSGI layer preserve the traversal segments while the resolved path still satisfies the flawed startswith comparison, enabling unauthorized file access outside the intended library directory.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-22

References (5)

https://github.com/Avaiga/taipy/commit/129fd407ffca49ee4ab853772c88d0c873e038dd

https://github.com/Avaiga/taipy/issues/2868

https://github.com/Avaiga/taipy/pull/2871

https://www.vulncheck.com/advisories/taipy-path-traversal-via-elementlibrary-get-resource

https://github.com/Avaiga/taipy/issues/2868

KEV Catalog EPSS Scores Vendors All CVEs