216.73.217.139

CVE-2026-27199

· Published 21/02/2026 06:17 · Modified 21/02/2026 06:17

Labels: CVE-2026-27199 2026-02-21CVE-2026-27199CWE-67[email protected]

Essential information

Published
21/02/2026 06:17
Modified
21/02/2026 06:17
Author
Creator
CVSS
6.3 MEDIUM (v3) 6.3 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safe_join function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that safe_join accepts paths with multiple segments, such as example/NUL. The function send_from_directory uses safe_join to safely serve files at user-specified paths under a directory. If the application is running on Windows, and the requested path ends with a special device name, the file will be opened successfully, but reading will hang indefinitely. This issue has been fixed in version 3.1.6.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
werkzeug / werkzeug cpe:2.3:a:werkzeug:werkzeug:<3.1.6:*:*:*:*:*:*:*
werkzeug / werkzeug cpe:2.3:a:werkzeug:werkzeug:3.1.5:*:*:*:*:*:*:*

References