Skip to main content

Banana Slides CVE-2026-49136

| EUVD-2026-33753 HIGH
Path Traversal (CWE-22)
2026-06-01 VulnCheck GHSA-f757-35w9-6h9q
Path Traversal Banana Slides
8.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

6
Analysis Updated
Jun 01, 2026 - 21:28 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 01, 2026 - 21:28 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 01, 2026 - 21:22 vuln.today
cvss_changed
CVSS changed
Jun 01, 2026 - 21:22 NVD
7.5 (HIGH) 8.7 (HIGH)
Source Code Evidence Fetched
Jun 01, 2026 - 20:51 vuln.today
Analysis Generated
Jun 01, 2026 - 20:51 vuln.today

DescriptionCVE.org

Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generate_image() function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplete path prefix check using os.path.startswith() without a trailing separator. Attackers can supply crafted markdown image references in user-controlled page descriptions that resolve to sibling directories whose names share the uploads folder prefix, bypassing the directory confinement check and causing the application to read files from unintended locations via PIL Image.open().

AnalysisAI

Path traversal in Banana Slides through 0.4.0 allows unauthenticated remote attackers to read arbitrary image-format files outside the uploads directory via the generate_image() function in the AI service backend. The flaw stems from an incomplete prefix check using os.path.startswith() without a trailing separator, letting sibling directories whose names share the uploads folder prefix bypass containment. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify Banana Slides instance ≤ 0.4.0
Delivery
Submit page description with crafted /files/../sibling-dir/img.png reference
Exploit
Bypass startswith() prefix check
Execution
PIL Image.open() reads target file
Impact
Image content returned via AI generation pipeline
Sign in to reveal

Vulnerability AssessmentAI

Exploitation No authentication or user interaction is required (CVSS PR:N/UI:N/AV:N/AC:L); the attacker only needs network reach to a Banana Slides instance running version ≤ 0.4.0 with the AI image-generation feature enabled and reachable input fields (page descriptions or markdown image references that flow into generate_image()). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 4.0 scores this 8.7 with vector AV:N/AC:L/AT:N/PR:N/UI:N and VC:H (high confidentiality impact, no integrity or availability impact), reflecting network-reachable, unauthenticated, low-complexity exploitation that leaks file contents. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker submits a page description containing a crafted markdown image reference such as '/files/../uploads_secret/flag.png' (or any sibling directory whose name shares the 'uploads' prefix). The AI service resolves this path, the flawed startswith() check passes, and PIL Image.open() reads the targeted image-format file and incorporates it as a reference image, leaking its contents back through the image-generation flow. …
Remediation Upstream fix available (commit e8bc490 via PR #430); a released patched version beyond 0.4.0 is not independently confirmed, so operators should deploy the fixed commit directly from https://github.com/Anionex/banana-slides/commit/e8bc490ec8b4b657e07dc3ab4e94fbedcaade421 or a build that includes it - the fix replaces the prefix check with os.path.realpath() plus os.path.commonpath() and switches existence check to os.path.isfile(). … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Identify all Banana Slides deployments running version 0.4.0 and apply the patch available per vendor advisory (commit e8bc490 or later) or disable image generation functionality immediately. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-49136 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy