CVE-2026-48544
BaseFortify
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| taipy | taipy | 4.1.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Taipy version 4.1.1 within the ElementLibrary.get_resource() method. It is a path traversal flaw that allows unauthenticated attackers to access files outside the intended module directory. The issue arises because the method uses an incomplete path containment check with str.startswith() that does not consider a trailing path separator. Attackers can craft GET requests containing path traversal segments that target sibling directories on disk. Due to how Flask's path converter and Werkzeug's WSGI layer preserve these traversal segments, the flawed startswith check is bypassed, enabling unauthorized file access beyond the library directory.
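The weakness described above, the prefix check without a trailing separator, as an added illustration that is not Taipy's code: the library directory name and the sibling directory are constructed assumptions, and the flawed check is shown next to a component-wise containment check.

```python
import posixpath

# Constructed illustration of the CWE-22 prefix-check weakness described above.
# Not Taipy's code: the directory layout and file names are assumptions.
LIBRARY_DIR = "/srv/app/lib"


def resolve(requested: str) -> str:
    """Join the request-supplied name onto the library directory and collapse '..'."""
    return posixpath.normpath(posixpath.join(LIBRARY_DIR, requested))


def flawed_is_inside(requested: str) -> bool:
    """Prefix test without a trailing separator.

    '/srv/app/lib_private/...' also starts with '/srv/app/lib', so a sibling
    directory whose name shares the prefix passes this check.
    """
    return resolve(requested).startswith(LIBRARY_DIR)


def fixed_is_inside(requested: str) -> bool:
    """Containment by path components: the resolved path must be the library
    directory itself or sit below it (prefix followed by a separator)."""
    target = resolve(requested)
    return target == LIBRARY_DIR or target.startswith(LIBRARY_DIR + posixpath.sep)


def compare(requested: str) -> dict:
    """Report what each check decides for one request path."""
    return {
        "resolved": resolve(requested),
        "flawed": flawed_is_inside(requested),
        "fixed": fixed_is_inside(requested),
    }


if __name__ == "__main__":
    for name in ("style.css", "../lib_private/secrets.json", "../../../etc/passwd"):
        print(name, compare(name))
```

Against a real filesystem the path should also be passed through os.path.realpath before the containment check so that symlinks cannot redirect an apparently contained path elsewhere.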
How can this vulnerability impact me?
This vulnerability can lead to unauthorized access to files outside the intended directory, potentially exposing sensitive information or configuration files. Since the attack requires no authentication, it poses a high risk of data leakage or information disclosure. The CVSS v3.1 score of 7.5 indicates a high severity impact on confidentiality without affecting integrity or availability.