CVE-2026-21860
CVE-2026-21860 affects Werkzeug’s safe_join on Windows, allowing segments with Windows device names (e.g., CON, AUX) plus extensions or trailing spaces in versions prior to 3.1.5. IBM-security notices confirm real-world impact in affiliated products: IBM Watson Discovery Cartridge (InfoSphere/Dis...