CVE-2026-49136
Received Received - Intake
Path Traversal in Banana Slides AI Service

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: VulnCheck

Description
Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generate_image() function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplete path prefix check using os.path.startswith() without a trailing separator. Attackers can supply crafted markdown image references in user-controlled page descriptions that resolve to sibling directories whose names share the uploads folder prefix, bypassing the directory confinement check and causing the application to read files from unintended locations via PIL Image.open().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-02
AI Q&A
2026-06-02
EPSS Evaluated
N/A
NVD
CVE-2026-49136
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
banana_slides banana_slides 0.4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in Banana Slides version 0.4.0 in the generate_image() function of the AI service backend. It is a path traversal vulnerability that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory.

The issue arises because the application uses an incomplete path prefix check with os.path.startswith() without a trailing separator. Attackers can craft markdown image references in user-controlled page descriptions that resolve to sibling directories sharing the uploads folder prefix, bypassing the directory confinement check.

As a result, the application may read files from unintended locations using the PIL Image.open() function.


How can this vulnerability impact me? :

This vulnerability can impact you by allowing attackers to read sensitive image files outside the designated uploads directory without authentication.

Since the vulnerability allows arbitrary file reading, attackers could potentially access confidential or private image data stored on the server, leading to information disclosure.

The CVSS v3.1 score of 7.5 (High) and v4.0 score of 8.7 (High) reflect the severity of this vulnerability, indicating a significant risk of confidentiality breach.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart