HIGH
Avaiga
CVE published 2026-05-27
CVE-2026-48544
A path traversal vulnerability in Taipy 4.1.1 allows unauthenticated remote attackers to read arbitrary files outside the intended library directory. The flaw exists in `ElementLibrary.get_resource()` in `taipy/gui/extension/library.py`, where an incomplete path containment check using `str.startswith()` without a trailing path separator permits attackers to bypass directory restrictions by sending crafte [truncated]