cashd (>=0.1.0 <=0.3.4.post1), taipy-utils (>=0.1.0 <=0.1.1) potentially affected by CVE-2026-48544 via taipy (>=3.1.0 <=4.1.1)

taipy PYPI version =3.1.0, =0.1.0, =0.1.0, =0.1.1 Source cves: CVE-2026-48544 Source advisory: SNYK:PYTHON-TAIPY-17178796...

CVE-2026-48544 Taipy 4.1.1 Path Traversal via ElementLibrary.get_resource()

Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.getresource method in taipy/gui/extension/library.py that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check using...

CVE-2026-48544

Taipy 4.1.1 contains a path traversal vulnerability in ElementLibrary.get_resource() within taipy/gui/extension/library.py. The issue arises from an incomplete directory containment check using str.startswith() without a trailing path separator, allowing crafted GET requests with path traversal s...