Path Traversal Vulnerability in Taipy GUI by Avaiga
CVE-2026-48544

8.7 HIGH

Key Information:

Vendor: Avaiga
Status: Vendor
CVE Published: 27 May 2026

What is CVE-2026-48544?

Taipy 4.1.1 contains a vulnerability in the ElementLibrary.get_resource() method in taipy/gui/extension/library.py: its path containment check is incomplete and can be exploited by unauthenticated attackers. A GET request whose path contains traversal segments can bypass the intended directory restriction and read files outside the intended module directory. Because Flask's path converter and Werkzeug's WSGI layer preserve the traversal segments, the flawed startswith comparison does not reject such paths, resulting in unauthorized file access.
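To make the flaw class concrete, here is an added illustration (not Taipy's code; the function names and directory layout are hypothetical) of a prefix-based containment check beside one that resolves the path before comparing:

```python
import os
import tempfile
from typing import Optional

# Constructed illustration of a string-prefix containment check versus a
# resolved-path check. Not Taipy's code; names and layout are hypothetical.

def get_resource_prefix_check(module_dir: str, name: str) -> Optional[str]:
    """Flawed: joins without normalising, then compares with startswith.
    A name containing '..' segments still starts with module_dir as a string,
    so the check passes although the file lies outside the directory."""
    base = os.path.abspath(module_dir)
    candidate = os.path.join(base, name)  # '..' segments are preserved here
    if not candidate.startswith(base):
        return None
    return candidate

def get_resource_resolved_check(module_dir: str, name: str) -> Optional[str]:
    """Hardened: resolve both sides, then require the candidate to be the base
    directory or strictly beneath it. commonpath (rather than startswith) also
    rejects a sibling directory whose name merely shares a prefix."""
    base = os.path.realpath(module_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    try:
        if os.path.commonpath([base, candidate]) != base:
            return None
    except ValueError:  # paths on different drives (Windows)
        return None
    return candidate

def demo() -> dict:
    """Build a constructed temp tree and report what each check returns for
    a file inside the module directory and for an escaping name."""
    root = tempfile.mkdtemp()
    module_dir = os.path.join(root, "static")
    os.makedirs(module_dir)
    with open(os.path.join(module_dir, "app.js"), "w") as f:
        f.write("// ok\n")
    with open(os.path.join(root, "outside.txt"), "w") as f:
        f.write("outside\n")
    escape = os.path.join("..", "outside.txt")
    return {
        "prefix_allows_safe": get_resource_prefix_check(module_dir, "app.js") is not None,
        "prefix_allows_escape": get_resource_prefix_check(module_dir, escape) is not None,
        "resolved_allows_safe": get_resource_resolved_check(module_dir, "app.js") is not None,
        "resolved_allows_escape": get_resource_resolved_check(module_dir, escape) is not None,
    }
```

The prefix check returns a path for the escaping name while the resolved check returns None, which is the difference a reviewer should look for when auditing containment logic.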

Affected Version(s)

taipy 0 <= 4.1.1

taipy 129fd407ffca49ee4ab853772c88d0c873e038dd

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability reserved

Credit

YU SUN