CVE-2026-48544— Taipy 4.1.1 Path Traversal via ElementLibrary.get_resource()
Possible ATT&CK Techniques 2AI
T1190 · Exploit Public-Facing Application T1083 · File and Directory DiscoveryGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-48544
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Taipy 4.1.1 Path Traversal via ElementLibrary.get_resource()
Source: NVD (National Vulnerability Database)
Vulnerability Description
Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.get_resource() method in taipy/gui/extension/library.py that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check using str.startswith() without a trailing path separator. Attackers can send crafted GET requests with path traversal segments targeting a prefix-matching sibling directory on disk, bypassing the directory containment check because Flask's path converter and Werkzeug's WSGI layer preserve the traversal segments while the resolved path still satisfies the flawed startswith comparison, enabling unauthorized file access outside the intended library directory.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Taipy 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Taipy是Avaiga开源的一款应用程序。专为数据科学家和机器学习工程师构建数据和人工智能网络应用程序而设计。 Taipy 4.1.1版本存在路径遍历漏洞,该漏洞源于ElementLibrary.get_resource()方法中路径包含检查不完整,可能导致未经身份验证的攻击者通过特制GET请求逃逸预期模块目录。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-48544
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCVerified env Premium
Qwen3.6-35B-A3B · 12698 chars
Pro+ exclusive includes:
Vulnerability reproduction recording (real sandbox build + trigger, exclusive)
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2026-48544
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-48544 (2)
Proof of Concept for CVE-2026-48544 (1)
Other References for CVE-2026-48544 (1)
IV. Related Vulnerabilities
Same weakness: CWE-22
- CVE-2016-20081
WordPress Plugin HB Audio Gallery Lite 1.0.0 Path Traversal - CVE-2016-20076
WordPress Simple-Backup 2.7.11 Arbitrary File Deletion and D - CVE-2026-12211
Intelbras iNVU 7016 FT Web syslog path traversal - CVE-2026-12198
Microweber API Endpoint thumbnail_img userfiles_path path tr - CVE-2026-12089
WS Optimize – All-in-One Speed Booster & Cache Tools <= 3.3.
V. Comments for CVE-2026-48544
No comments yet