Security Bulletin: Werkzeug safe_join function allows path segments with Windows device names containing file extensions or trailing spaces
Summary Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safe_join function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as CON, AUX, etc that are implicitly...
CVE-2026-39981
AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join function in the essential_abilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or...
CVE-2026-39981 AGiXT has a Path Traversal in safe_join()
AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join function in the essential_abilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or...
GHSA-5GFJ-64GH-MGMW AGiXT Vulnerable to Path Traversal in safe_join()
Summary The safe_join function in the essential_abilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or delete arbitrary files on the server hosting the AGiXT...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to improper name handling in Werkzeug [ CVE-2025-66221]
Summary IBM Watson Speech Services Cartridge is vulnerable to improper name handling in Werkzeug, caused by a reading issue with Werkzeug's safe_join function that allows path segments with special device names to hang indefinitely (CVE-2025-66221). Werkzeug is used in our service runtimes. This...
CVE-2026-27199
Werkzeug is a comprehensive WSGI web application library. In versions 3.1.5 and below, the safe_join function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that...
CVE-2026-27199 Werkzeug safe_join() allows Windows special device names
Werkzeug is a comprehensive WSGI web application library. In versions 3.1.5 and below, the safe_join function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that...
CVE-2026-27199
CVE-2026-27199 affects Werkzeug. Versions 3.1.5 and earlier allow Windows device names as filenames when the path includes multiple segments, due to incomplete filtering in the safe_join function used by send_from_directory. When running on Windows, a request ending with a device name can open th...
Werkzeug security vulnerability
Werkzeug is a comprehensive WSGI web application library developed by Pallets. Versions of Werkzeug 3.1.5 and earlier contained security vulnerabilities; these vulnerabilities stemmed from the safejoin function, which allowed Windows device names to be used as file names, potentially leading to...
Exploit for CVE-2026-27199
CVE-2026-27199 PoC: Werkzeug safe_join Windows Device-Name...
Werkzeug safe_join() allows Windows special device names
Werkzeug's safe_join function allows Windows device names as filenames when preceded by other path segments. This was previously reported as https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that safe_join accepts...
Improper Handling of Windows Device Names
Overview Affected versions of this package are vulnerable to Improper Handling of Windows Device Names via the safe_join function. An attacker can cause the application to hang indefinitely by requesting a path ending with a Windows special device name. Notes: 1 This is only vulnerable on Windows,...
Arbitrary File Access
Werkzeug is vulnerable to Arbitrary File Access. The vulnerability is due to insufficient validation in the safe_join function on Windows, where path segments using reserved device names such as CON or AUX with extensions or trailing spaces are allowed, enabling attackers to access special device...
CVE-2026-21860
Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safe_join function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as CON, AUX, etc that are implicitly present...
Linux Distros Unpatched Vulnerability : CVE-2026-21860
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safe_join function allows path segments with Windows device names th...
Improper Handling of Windows Device Names
Overview Affected versions of this package are vulnerable to Improper Handling of Windows Device Names via the safe_join function, which permits path segments containing Windows special device names with file extensions or trailing spaces. An attacker can access unintended files or devices by...
CVE-2026-21860 Werkzeug safe_join() allows Windows special device names with compound extensions
Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safe_join function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as CON, AUX, etc that are implicitly present...
CVE-2026-21860
CVE-2026-21860 affects Werkzeug's safe_join on Windows, allowing segments with Windows device names (e.g., CON, AUX) plus extensions or trailing spaces in versions prior to 3.1.5. IBM security notices confirm real-world impact in affiliated products: IBM Watson Discovery Cartridge (InfoSphere/Dis...