Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection (CVE-2026-27641)

Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection SSTI. Flask-Reuploaded has been patche...

CVE-2026-27641

Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection SSTI. Flask-Reuploaded has been patche...

coati-payroll (>=1.0.1 <=1.10.0), now-lms (>=1.0.3 <=1.2.3) +1 more potentially affected by CVE-2026-27641 via flask-reuploaded (>=1.2.0 <=1.4.0)

flask-reuploaded PYPI version =1.2.0, =1.0.1, =1.0.3, =4.6.1, =5.0.0 Source cves: CVE-2026-27641 Source advisory: OSV:GHSA-65MP-FQ8V-56JR...

EUVD-2026-8616

Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection...

GHSA-65MP-FQ8V-56JR Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection

Impact A critical path traversal and extension bypass vulnerability in Flask-Reuploaded allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection SSTI. Patches Flask-Reuploaded has been patched in version 1.5.0 Workarounds 1. Do not...

coati-payroll (>=1.0.1 <=1.10.0), now-lms (>=1.0.3 <=1.2.3) +1 more potentially affected by CVE-2026-27641 via flask-reuploaded (>=1.2.0 <=1.4.0)

flask-reuploaded PYPI version =1.2.0, =1.0.1, =1.0.3, =4.6.1, =5.0.0 Source cves: CVE-2026-27641 Source advisory: SNYK:PYTHON-FLASKREUPLOADED-15363340...

Improper Neutralization of Special Elements Used in a Template Engine

Overview Flask-Reuploaded is a Flexible and efficient upload handling for Flask Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the name parameter. An attacker can write arbitrary files and execute code on the server by...

CVE-2026-27641

Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection SSTI. Flask-Reuploaded has been patche...

CVE-2026-27641 Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection

Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection SSTI. Flask-Reuploaded has been patche...

CVE-2026-27641

CVE-2026-27641 affects the Flask-Reuploaded package used with Flask. The vulnerability is a critical path traversal and extension bypass in versions prior to 1.5.0, enabling remote attackers to perform arbitrary file writes and remote code execution via Server-Side Template Injection (SSTI). The ...

CVE-2026-27641 Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection

Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection SSTI. Flask-Reuploaded has been patche...

CVE-2026-27641 Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection

Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection SSTI. Flask-Reuploaded has been patche...