CVE-2026-44307

by Fred · 12/05/2026

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal (e.g. …. secret.txt) bypasses the directory traversal check in Template.__init__ and the posixpath-based normalization in TemplateLookup.get_template(), allowing reads of files outside the configured template directory. This vulnerability is fixed in 1.3.12.

More information : https://github.com/sqlalchemy/mako/commit/72e10c573ca0fbcbddd4455abca8ce92a61780d7

CVE-2026-44307

Similar

Recent Posts

Categories

CVE-2026-44307

Share this:

Similar

Recent Posts

Categories

Tags