Filtered by vendor Jugmac00
Subscriptions
Filtered by product Flask-reuploaded
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27641 | 1 Jugmac00 | 1 Flask-reuploaded | 2026-02-25 | 9.8 Critical |
| Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection (SSTI). Flask-Reuploaded has been patched in version 1.5.0. Some workarounds are available. Do not pass user input to the `name` parameter, use auto-generated filenames only, and implement strict input validation if `name` must be used. | ||||
Page 1 of 1.