Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (vulncheck) · only source for this CVE.
CVSS VectorVendor: vulncheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2Blast Radius
ecosystem impact- 2 pypi packages depend on taipy (2 direct, 0 indirect)
Ecosystem-wide dependent count for version 4.1.1.
DescriptionCVE.org
Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.get_resource() method in taipy/gui/extension/library.py that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check using str.startswith() without a trailing path separator. Attackers can send crafted GET requests with path traversal segments targeting a prefix-matching sibling directory on disk, bypassing the directory containment check because Flask's path converter and Werkzeug's WSGI layer preserve the traversal segments while the resolved path still satisfies the flawed startswith comparison, enabling unauthorized file access outside the intended library directory.
AnalysisAI
Unauthorized file disclosure in Taipy 4.1.1 lets remote unauthenticated attackers read files outside an extension library's intended directory through the GUI ElementLibrary.get_resource() resource handler. The containment check used str.startswith() without a trailing separator, so a crafted request with traversal segments can resolve into a prefix-matching sibling directory on disk while still passing the flawed check. Impact is confined to confidentiality (file read), with no public exploit identified at time of analysis and no CISA KEV listing.
Technical ContextAI
Taipy is a Python framework for building data and AI web applications; its GUI layer supports custom extension libraries that ship static assets served at runtime by ElementLibrary.get_resource() in taipy/gui/extension/library.py. That method computed a target file path from the requested name and validated it stayed within the library's base directory using str(file).startswith(str(base)). Because the comparison lacks a trailing path separator, it is a pure string-prefix test, so a sibling directory such as /app/lib_secret satisfies startswith('/app/lib'). This is a classic CWE-22 improper limitation of a pathname (path traversal): Flask's path converter and Werkzeug's WSGI layer preserve the encoded traversal segments end-to-end, while the resolved path still passes the prefix string match. The fix (commit 129fd40, PR #2871) replaces the string comparison with pathlib's file.is_relative_to(base), which performs a proper component-aware containment check.
RemediationAI
Upstream fix available (PR/commit); released patched version not independently confirmed - apply commit 129fd407ffca49ee4ab853772c88d0c873e038dd (Avaiga/taipy PR #2871), which replaces the unsafe str.startswith() containment check with pathlib's file.is_relative_to(base). Until a packaged release containing this commit is confirmed, upgrade from source to a build that includes it, or backport the one-line change to the get_resource() check in taipy/gui/extension/library.py. As compensating controls where patching is not yet possible: avoid registering custom extension libraries in directories that share a name prefix with adjacent sensitive directories (renaming removes the prefix-match condition the attack depends on), and place the Taipy app behind a reverse proxy or WAF rule that normalizes and rejects URL paths containing encoded or literal ../ traversal segments before they reach the resource endpoint - noting that overly aggressive path normalization can break legitimately encoded resource names. Refer to the vendor advisory at https://www.vulncheck.com/advisories/taipy-path-traversal-via-elementlibrary-get-resource and issue #2868 for details.
Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t
BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser
pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne
Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301
Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32531
GHSA-28gh-q3gw-pvx8