216.73.216.133

CVE-2026-45554

· Published 02/06/2026 16:16 · Modified 02/06/2026 17:15

Labels: CVE-2026-45554 2026-06-02CVE-2026-45554CWE-248[email protected]

Essential information

Published
02/06/2026 16:16
Modified
02/06/2026 17:15
Author
Creator
CVSS
5.3 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS metrics

Description

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside Starlette's FileResponse, which Uvicorn writes to the server log as a full traceback. Because the routes are reachable without authentication, a remote attacker can amplify log volume and consume disk and log-pipeline capacity on any publicly reachable NiceGUI server. This issue has been patched in version 3.12.0.

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
nicegui / nicegui cpe:2.3:a:nicegui:nicegui:<3.12.0:*:*:*:*:*:*:*

References