CVSS 7.5 · HIGH

CVE-2026-41205

Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be returned as rendered template content when an application passes untrusted input directly to TemplateLookup.get_template(). This vulnerability is fixed in 1.3.11.

View on NVD

Analysis

Mako versions before 1.3.11 are vulnerable to path traversal when processing URIs that start with a double slash. If your application passes untrusted input to TemplateLookup.get_template(), an attacker could read sensitive files on the server. Update to version 1.3.11 or later to fix this issue.
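As an added defensive example (not Mako's own code and not part of this advisory), the hypothetical helper `resolve_template_uri` below normalizes a URI in one place and confines the resolved path to the lookup directories before the application ever calls `TemplateLookup.get_template()`; `check_uris` exercises it on constructed sample input, including the `//../../../secret.txt` form quoted in the description.

```python
import os
import posixpath
import tempfile
from typing import Sequence


def resolve_template_uri(uri: str, directories: Sequence[str]) -> str:
    """Map a template URI onto one of the lookup directories; raise ValueError
    if the URI would escape all of them (hypothetical app-side guard)."""
    # Strip *all* leading slashes once. The advisory's root cause is two
    # slash-stripping implementations that disagree on "//"; normalizing the
    # URI here, before it reaches the library, removes that ambiguity.
    relative = uri.lstrip("/")
    # Collapse "." and ".." segments; a result whose first segment is still ".."
    # (or that is empty) cannot live under any template directory.
    normalized = posixpath.normpath(relative)
    if normalized in ("", ".") or normalized.split("/")[0] == "..":
        raise ValueError(f"template URI escapes lookup directories: {uri!r}")
    for directory in directories:
        root = os.path.realpath(directory)
        candidate = os.path.realpath(os.path.join(root, normalized))
        # Containment check on the resolved path (realpath follows symlinks too).
        if os.path.commonpath([root, candidate]) != root:
            continue
        if os.path.isfile(candidate):
            return candidate
    raise FileNotFoundError(f"no template found for {uri!r}")


def check_uris(uris: Sequence[str]) -> dict:
    """Build a constructed template directory plus a file outside it, then
    report per URI whether the guard returns "ok", "rejected" or "missing"."""
    with tempfile.TemporaryDirectory() as tmp:
        tdir = os.path.join(tmp, "templates")
        os.mkdir(tdir)
        with open(os.path.join(tdir, "index.html"), "w") as fh:
            fh.write("<h1>constructed sample template</h1>\n")
        with open(os.path.join(tmp, "secret.txt"), "w") as fh:  # outside tdir
            fh.write("constructed non-template file\n")
        results = {}
        for uri in uris:
            try:
                resolve_template_uri(uri, [tdir])
                results[uri] = "ok"
            except ValueError:
                results[uri] = "rejected"
            except FileNotFoundError:
                results[uri] = "missing"
        return results
```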

Severity

Score: 7.5 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: NONE
A: NONE
Weakness type (CWE): CWE-22

EPSS

Probability of exploitation (next 30 days): 0.0009 (0.1%)
Percentile: 25.3%
EPSS score date: 2026-05-06

Affects

sqlalchemy:mako

Published: 23/4/2026, 19:17:29
Last modified: 28/4/2026, 19:14:56
