HIGH
sqlalchemy
CVE published 2026-04-23
CVE-2026-41205
A path traversal vulnerability exists in Mako, a Python template library, prior to version 1.3.11. The vulnerability resides in `TemplateLookup.get_template()` when processing URIs beginning with double slashes (`//`). An inconsistency between two slash-stripping implementations allows attackers to bypass path normalization and traverse outside intended template directories. When applications pass untrust [truncated]