Which versions of Taipy are affected by CVE-2026-48544?

Taipy 4.1.1 exposes a remote unauthenticated file disclosure vulnerability in its GUI ElementLibrary resource handler, allowing attackers to read files outside intended directories without…

How to fix or mitigate CVE-2026-48544?

Within 24 hours: Inventory all systems running Taipy 4.1.1 and assess network exposure (internet-facing vs. internal only). Within 7 days: Implement network segmentation, disable ElementLibrary.get_resource() if not business-critical, and deploy WAF rules blocking path traversal patterns (../, %2e%2e, etc.). Within 30 days: Monitor Taipy security advisories for patched version 4.1.2 or later and establish upgrade timeline; contact Taipy maintainers for ETA if not yet released.

Taipy CVE-2026-48544

Q: What is the CVSS score of CVE-2026-48544?

CVE-2026-48544 has a CVSS 4.0 base score of 8.7 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.2%.

EUVD-2026-32531 HIGH

Path Traversal (CWE-22)

2026-05-27 disclosure@vulncheck.com

GHSA-28gh-q3gw-pvx8

Python Path Traversal

8.7

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Source Code Evidence Fetched

May 27, 2026 - 20:10 vuln.today

Analysis Generated

May 27, 2026 - 20:10 vuln.today

DescriptionNVD

Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.get_resource() method in taipy/gui/extension/library.py that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check using str.startswith() without a trailing path separator. Attackers can send crafted GET requests with path traversal segments targeting a prefix-matching sibling directory on disk, bypassing the directory containment check because Flask's path converter and Werkzeug's WSGI layer preserve the traversal segments while the resolved path still satisfies the flawed startswith comparison, enabling unauthorized file access outside the intended library directory.

AnalysisAI

Unauthorized file disclosure in Taipy 4.1.1 lets remote unauthenticated attackers read files outside an extension library's intended directory through the GUI ElementLibrary.get_resource() resource handler. The containment check used str.startswith() without a trailing separator, so a crafted request with traversal segments can resolve into a prefix-matching sibling directory on disk while still passing the flawed check. …

RemediationAI

Within 24 hours: Inventory all systems running Taipy 4.1.1 and assess network exposure (internet-facing vs. internal only). …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-48544 vulnerability details – vuln.today

Back

Taipy CVE-2026-48544

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Taipy CVE-2026-48544

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code