
5 matches found

Cvelist
added 2026/04/09 5:1 p.m. | 17 views

CVE-2026-39981 AGiXT has a Path Traversal in safe_join()

AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join() function in the essential_abilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or...

CVSS 8.8 | EPSS 0.00051
Exploits: 1 | References: 3
Cvelist
added 2026/02/21 5:15 a.m. | 17 views

CVE-2026-27199 Werkzeug safe_join() allows Windows special device names

Werkzeug is a comprehensive WSGI web application library. In versions 3.1.5 and below, the safe_join() function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that...

CVSS 6.3 | EPSS 0.00027
Exploits: 1 | References: 3
Veracode
added 2026/01/14 6:57 a.m. | 4 views

Arbitrary File Access

Werkzeug is vulnerable to Arbitrary File Access. The vulnerability is due to insufficient validation in the safe_join() function on Windows, where path segments using reserved device names such as CON or AUX with extensions or trailing spaces are allowed, enabling attackers to access special device...

CVSS 6.3 | AI score 5.9 | EPSS 0.00034
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/01/08 6:34 p.m. | 3 views

CVE-2026-21860 Werkzeug safe_join() allows Windows special device names with compound extensions

Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safe_join() function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as CON, AUX, etc. that are implicitly present...

CVSS 6.3 | AI score 6.5 | EPSS 0.00034
Exploits: 0 | References: 2
CVE
added 2026/01/08 6:34 p.m. | 26 views

CVE-2026-21860

CVE-2026-21860 affects Werkzeug’s safe_join on Windows, allowing segments with Windows device names (e.g., CON, AUX) plus extensions or trailing spaces in versions prior to 3.1.5. IBM-security notices confirm real-world impact in affiliated products: IBM Watson Discovery Cartridge (InfoSphere/Dis...

CVSS 6.3 | AI score 6.5 | EPSS 0.00034
Exploits: 0 | References: 2 | Affected Software: 1