Directory Traversal Vulnerability in Mako Template Library for Python
CVE-2026-44307

8.7HIGH

Key Information:

Vendor: Sqlalchemy
Status: Mako
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-44307?

The Mako template library, used in Python applications, is vulnerable to a directory traversal issue where an attacker could use backslash traversal sequences (e.g., ....\ secret.txt) to bypass security checks. This could allow unauthorized access to files outside the intended template directory, exposing sensitive information. It is crucial for users to upgrade to version 1.3.12 or later, where this security flaw is resolved. For more details, refer to the security advisory on GitHub.