Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-41205 (GCVE-0-2026-41205)
Vulnerability from cvelistv5 – Published: 2026-04-23 18:52 – Updated: 2026-05-20 01:32
VLAI
EPSS
Title
Mako: Path traversal via double-slash URI prefix in TemplateLookup
Summary
Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be returned as rendered template content when an application passes untrusted input directly to TemplateLookup.get_template(). This vulnerability is fixed in 1.3.11.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/sqlalchemy/mako/security/advis… | x_refsource_CONFIRM |
| https://github.com/sqlalchemy/mako/commit/e05ac61… | x_refsource_MISC |
| https://github.com/sqlalchemy/mako/releases/tag/r… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| sqlalchemy | mako |
Affected:
< 1.3.11
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41205",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-23T20:20:51.233790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T20:20:59.107Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mako",
"vendor": "sqlalchemy",
"versions": [
{
"status": "affected",
"version": "\u003c 1.3.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be returned as rendered template content when an application passes untrusted input directly to TemplateLookup.get_template(). This vulnerability is fixed in 1.3.11."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T01:32:18.382Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/sqlalchemy/mako/security/advisories/GHSA-v92g-xgxw-vvmm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sqlalchemy/mako/security/advisories/GHSA-v92g-xgxw-vvmm"
},
{
"name": "https://github.com/sqlalchemy/mako/commit/e05ac61989a7fb9dd7dcde6cfd72dc48328719a3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sqlalchemy/mako/commit/e05ac61989a7fb9dd7dcde6cfd72dc48328719a3"
},
{
"name": "https://github.com/sqlalchemy/mako/releases/tag/rel_1_3_11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sqlalchemy/mako/releases/tag/rel_1_3_11"
}
],
"source": {
"advisory": "GHSA-v92g-xgxw-vvmm",
"discovery": "UNKNOWN"
},
"title": "Mako: Path traversal via double-slash URI prefix in TemplateLookup"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41205",
"datePublished": "2026-04-23T18:52:24.194Z",
"dateReserved": "2026-04-18T02:51:52.974Z",
"dateUpdated": "2026-05-20T01:32:18.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-41205",
"date": "2026-06-07",
"epss": "0.00093",
"percentile": "0.26113"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-41205\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-04-23T19:17:29.270\",\"lastModified\":\"2026-05-20T02:16:36.087\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be returned as rendered template content when an application passes untrusted input directly to TemplateLookup.get_template(). This vulnerability is fixed in 1.3.11.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sqlalchemy:mako:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.3.11\",\"matchCriteriaId\":\"2653BBE1-C0D8-4375-8CC0-B7713D560924\"}]}]}],\"references\":[{\"url\":\"https://github.com/sqlalchemy/mako/commit/e05ac61989a7fb9dd7dcde6cfd72dc48328719a3\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/sqlalchemy/mako/releases/tag/rel_1_3_11\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/sqlalchemy/mako/security/advisories/GHSA-v92g-xgxw-vvmm\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-41205\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-23T20:20:51.233790Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-23T20:20:55.667Z\"}}], \"cna\": {\"title\": \"Mako: Path traversal via double-slash URI prefix in TemplateLookup\", \"source\": {\"advisory\": \"GHSA-v92g-xgxw-vvmm\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 7.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"sqlalchemy\", \"product\": \"mako\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.3.11\"}]}], \"references\": [{\"url\": \"https://github.com/sqlalchemy/mako/security/advisories/GHSA-v92g-xgxw-vvmm\", \"name\": \"https://github.com/sqlalchemy/mako/security/advisories/GHSA-v92g-xgxw-vvmm\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/sqlalchemy/mako/commit/e05ac61989a7fb9dd7dcde6cfd72dc48328719a3\", \"name\": \"https://github.com/sqlalchemy/mako/commit/e05ac61989a7fb9dd7dcde6cfd72dc48328719a3\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/sqlalchemy/mako/releases/tag/rel_1_3_11\", \"name\": \"https://github.com/sqlalchemy/mako/releases/tag/rel_1_3_11\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be returned as rendered template content when an application passes untrusted input directly to TemplateLookup.get_template(). This vulnerability is fixed in 1.3.11.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-20T01:32:18.382Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-41205\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-20T01:32:18.382Z\", \"dateReserved\": \"2026-04-18T02:51:52.974Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-04-23T18:52:24.194Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2026-AVI-0698
Vulnerability from certfr_avis - Published: 2026-06-05 - Updated: 2026-06-05
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | WebSphere Remote Server versions 9.1, 9.0 et 8.5 sans le dernier correctif de sécurité | ||
| IBM | WebSphere | WebSphere Service Registry and Repository Studio versions 8.5.x antérieures à 8.5.6.3_IJ58210 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.3.0.x antérieures à 6.3.0.19 | ||
| IBM | QRadar Log Source Management App | QRadar Log Source Management App versions antérieures à 7.0.15 | ||
| IBM | WebSphere | WebSphere Application Server versions 8.5.0.0 à 8.5.5.29 sans le correctif de sécurité temporaire PH71453 ou antérieures à 8.5.5.30 (disponibilité prévue pour le troisième trimestre 2026) | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct for Microsoft Windows versions 6.3.0.x antérieures à 6.3.0.6_iFix051 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.4.0.x antérieures à 6.4.0.8 | ||
| IBM | WebSphere | WebSphere Application Server versions 9.0.0.0 à 9.0.5.28 sans le correctif de sécurité temporaire PH71453 ou antérieures à 9.0.5.29 (disponibilité prévue pour le troisième trimestre 2026) | ||
| IBM | QRadar Assistant | QRadar AI Assistant versions antérieures à 2.0.0 | ||
| IBM | WebSphere Service Registry and Repository | WebSphere Service Registry and Repository versions 8.5 sans le dernier correctif de sécurité | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct for Microsoft Windows versions 6.4.0.x antérieures à 6.4.0.4_iFix022 | ||
| IBM | Security QRadar EDR | Security QRadar EDR versions 3.12.x antérieures 3.12.25 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "WebSphere Remote Server versions 9.1, 9.0 et 8.5 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Service Registry and Repository Studio versions 8.5.x ant\u00e9rieures \u00e0 8.5.6.3_IJ58210",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.3.0.x ant\u00e9rieures \u00e0 6.3.0.19",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Log Source Management App versions ant\u00e9rieures \u00e0 7.0.15",
"product": {
"name": "QRadar Log Source Management App",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 8.5.0.0 \u00e0 8.5.5.29 sans le correctif de s\u00e9curit\u00e9 temporaire PH71453 ou ant\u00e9rieures \u00e0 8.5.5.30 (disponibilit\u00e9 pr\u00e9vue pour le troisi\u00e8me trimestre 2026)",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct for Microsoft Windows versions 6.3.0.x ant\u00e9rieures \u00e0 6.3.0.6_iFix051",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.4.0.x ant\u00e9rieures \u00e0 6.4.0.8",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 9.0.0.0 \u00e0 9.0.5.28 sans le correctif de s\u00e9curit\u00e9 temporaire PH71453 ou ant\u00e9rieures \u00e0 9.0.5.29 (disponibilit\u00e9 pr\u00e9vue pour le troisi\u00e8me trimestre 2026)",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar AI Assistant versions ant\u00e9rieures \u00e0 2.0.0",
"product": {
"name": "QRadar Assistant",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Service Registry and Repository versions 8.5 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere Service Registry and Repository",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct for Microsoft Windows versions 6.4.0.x ant\u00e9rieures \u00e0 6.4.0.4_iFix022",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar EDR versions 3.12.x ant\u00e9rieures 3.12.25",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
},
{
"name": "CVE-2026-2229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
},
{
"name": "CVE-2026-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
},
{
"name": "CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"name": "CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"name": "CVE-2026-22036",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22036"
},
{
"name": "CVE-2026-33895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33895"
},
{
"name": "CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"name": "CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"name": "CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"name": "CVE-2026-25793",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25793"
},
{
"name": "CVE-2026-1527",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1527"
},
{
"name": "CVE-2025-66035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66035"
},
{
"name": "CVE-2026-41239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41239"
},
{
"name": "CVE-2024-28102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28102"
},
{
"name": "CVE-2026-22013",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22013"
},
{
"name": "CVE-2026-1525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1525"
},
{
"name": "CVE-2026-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22018"
},
{
"name": "CVE-2026-41314",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41314"
},
{
"name": "CVE-2026-33870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
},
{
"name": "CVE-2026-42036",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42036"
},
{
"name": "CVE-2026-41313",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41313"
},
{
"name": "CVE-2026-2581",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2581"
},
{
"name": "CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"name": "CVE-2022-35961",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35961"
},
{
"name": "CVE-2026-9319",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9319"
},
{
"name": "CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"name": "CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"name": "CVE-2026-25645",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25645"
},
{
"name": "CVE-2026-4800",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
},
{
"name": "CVE-2026-0540",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0540"
},
{
"name": "CVE-2026-33671",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33671"
},
{
"name": "CVE-2026-33894",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33894"
},
{
"name": "CVE-2026-33532",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33532"
},
{
"name": "CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"name": "CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"name": "CVE-2026-33750",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33750"
},
{
"name": "CVE-2026-34478",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34478"
},
{
"name": "CVE-2026-2359",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2359"
},
{
"name": "CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"name": "CVE-2025-11143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
},
{
"name": "CVE-2026-34480",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
},
{
"name": "CVE-2026-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2026-41240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41240"
},
{
"name": "CVE-2026-34479",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34479"
},
{
"name": "CVE-2026-8644",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8644"
},
{
"name": "CVE-2026-42040",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42040"
},
{
"name": "CVE-2026-4923",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4923"
},
{
"name": "CVE-2026-41312",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41312"
},
{
"name": "CVE-2026-33891",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33891"
},
{
"name": "CVE-2025-66030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66030"
},
{
"name": "CVE-2026-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
},
{
"name": "CVE-2026-3304",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3304"
},
{
"name": "CVE-2026-40895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40895"
},
{
"name": "CVE-2026-42198",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42198"
},
{
"name": "CVE-2026-22016",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22016"
},
{
"name": "CVE-2026-22021",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22021"
},
{
"name": "CVE-2026-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22007"
},
{
"name": "CVE-2026-34268",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34268"
},
{
"name": "CVE-2026-41481",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41481"
},
{
"name": "CVE-2026-42038",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42038"
},
{
"name": "CVE-2026-2332",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2332"
},
{
"name": "CVE-2026-1528",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1528"
},
{
"name": "CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"name": "CVE-2025-15599",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15599"
},
{
"name": "CVE-2026-1526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
},
{
"name": "CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"name": "CVE-2026-33672",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33672"
},
{
"name": "CVE-2026-33151",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33151"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"name": "CVE-2026-39373",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39373"
},
{
"name": "CVE-2026-41425",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41425"
},
{
"name": "CVE-2026-8620",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8620"
},
{
"name": "CVE-2026-8633",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8633"
},
{
"name": "CVE-2026-42034",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42034"
},
{
"name": "CVE-2026-9330",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9330"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2026-9311",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9311"
},
{
"name": "CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"name": "CVE-2026-41238",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41238"
},
{
"name": "CVE-2022-24771",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24771"
},
{
"name": "CVE-2026-30951",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-30951"
},
{
"name": "CVE-2026-42037",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42037"
},
{
"name": "CVE-2026-42042",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42042"
},
{
"name": "CVE-2026-41168",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41168"
},
{
"name": "CVE-2026-34477",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34477"
},
{
"name": "CVE-2026-41205",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41205"
},
{
"name": "CVE-2026-29063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"name": "CVE-2026-4926",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4926"
},
{
"name": "CVE-2026-33896",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33896"
},
{
"name": "CVE-2026-24486",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24486"
}
],
"initial_release_date": "2026-06-05T00:00:00",
"last_revision_date": "2026-06-05T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0698",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-06-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-06-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274859",
"url": "https://www.ibm.com/support/pages/node/7274859"
},
{
"published_at": "2026-06-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274847",
"url": "https://www.ibm.com/support/pages/node/7274847"
},
{
"published_at": "2026-06-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274843",
"url": "https://www.ibm.com/support/pages/node/7274843"
},
{
"published_at": "2026-06-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274827",
"url": "https://www.ibm.com/support/pages/node/7274827"
},
{
"published_at": "2026-06-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274845",
"url": "https://www.ibm.com/support/pages/node/7274845"
},
{
"published_at": "2026-06-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274733",
"url": "https://www.ibm.com/support/pages/node/7274733"
},
{
"published_at": "2026-06-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274954",
"url": "https://www.ibm.com/support/pages/node/7274954"
},
{
"published_at": "2026-06-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7275089",
"url": "https://www.ibm.com/support/pages/node/7275089"
},
{
"published_at": "2026-06-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274746",
"url": "https://www.ibm.com/support/pages/node/7274746"
},
{
"published_at": "2026-06-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274858",
"url": "https://www.ibm.com/support/pages/node/7274858"
},
{
"published_at": "2026-06-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274738",
"url": "https://www.ibm.com/support/pages/node/7274738"
},
{
"published_at": "2026-06-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274740",
"url": "https://www.ibm.com/support/pages/node/7274740"
},
{
"published_at": "2026-06-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274860",
"url": "https://www.ibm.com/support/pages/node/7274860"
},
{
"published_at": "2026-06-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274750",
"url": "https://www.ibm.com/support/pages/node/7274750"
},
{
"published_at": "2026-06-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274846",
"url": "https://www.ibm.com/support/pages/node/7274846"
},
{
"published_at": "2026-06-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7275012",
"url": "https://www.ibm.com/support/pages/node/7275012"
},
{
"published_at": "2026-05-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274512",
"url": "https://www.ibm.com/support/pages/node/7274512"
},
{
"published_at": "2026-06-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7273815",
"url": "https://www.ibm.com/support/pages/node/7273815"
}
]
}
FKIE_CVE-2026-41205
Vulnerability from fkie_nvd - Published: 2026-04-23 19:17 - Updated: 2026-05-20 02:16
Severity
Summary
Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be returned as rendered template content when an application passes untrusted input directly to TemplateLookup.get_template(). This vulnerability is fixed in 1.3.11.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/sqlalchemy/mako/commit/e05ac61989a7fb9dd7dcde6cfd72dc48328719a3 | ||
| security-advisories@github.com | https://github.com/sqlalchemy/mako/releases/tag/rel_1_3_11 | ||
| security-advisories@github.com | https://github.com/sqlalchemy/mako/security/advisories/GHSA-v92g-xgxw-vvmm | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sqlalchemy | mako | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sqlalchemy:mako:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2653BBE1-C0D8-4375-8CC0-B7713D560924",
"versionEndExcluding": "1.3.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be returned as rendered template content when an application passes untrusted input directly to TemplateLookup.get_template(). This vulnerability is fixed in 1.3.11."
}
],
"id": "CVE-2026-41205",
"lastModified": "2026-05-20T02:16:36.087",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-04-23T19:17:29.270",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/sqlalchemy/mako/commit/e05ac61989a7fb9dd7dcde6cfd72dc48328719a3"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/sqlalchemy/mako/releases/tag/rel_1_3_11"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/sqlalchemy/mako/security/advisories/GHSA-v92g-xgxw-vvmm"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-V92G-XGXW-VVMM
Vulnerability from github – Published: 2026-04-16 21:16 – Updated: 2026-06-05 14:13
VLAI
Summary
Mako: Path traversal via double-slash URI prefix in TemplateLookup
Details
Summary
TemplateLookup.get_template() is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations:
Template.__init__strips one leading/usingif/sliceTemplateLookup.get_template()strips all leading/usingre.sub(r"^\/+", "")
When a URI like //../../../../etc/passwd is passed:
1. get_template() strips all / → ../../../../etc/passwd → file found via posixpath.join(dir_, u)
2. Template.__init__ strips one / → /../../../../etc/passwd → normpath → /etc/passwd
3. /etc/passwd.startswith(..) → False → check bypassed
Impact
Arbitrary file read: any file readable by the process can be returned as rendered template content when an application passes untrusted input directly to TemplateLookup.get_template().
Note: this is exploitable at the library API level. HTTP-based exploitation is mitigated by Python's BaseHTTPRequestHandler which normalizes double-slash prefixes since CPython gh-87389. Applications using other HTTP servers that do not normalize paths may be affected.
Fix
Changed Template.__init__ to use lstrip("/") instead of stripping only a single leading slash, so both code paths handle leading slashes consistently.
Severity
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.3.10"
},
"package": {
"ecosystem": "PyPI",
"name": "Mako"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41205"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-16T21:16:40Z",
"nvd_published_at": "2026-04-23T19:17:29Z",
"severity": "HIGH"
},
"details": "### Summary\n\n`TemplateLookup.get_template()` is vulnerable to path traversal when a URI starts with `//` (e.g., `//../../../secret.txt`). The root cause is an inconsistency between two slash-stripping implementations:\n\n- `Template.__init__` strips **one** leading `/` using `if`/slice\n- `TemplateLookup.get_template()` strips **all** leading `/` using `re.sub(r\"^\\/+\", \"\")`\n\nWhen a URI like `//../../../../etc/passwd` is passed:\n1. `get_template()` strips all `/` \u2192 `../../../../etc/passwd` \u2192 file found via `posixpath.join(dir_, u)`\n2. `Template.__init__` strips one `/` \u2192 `/../../../../etc/passwd` \u2192 `normpath` \u2192 `/etc/passwd`\n3. `/etc/passwd`.startswith(`..`) \u2192 `False` \u2192 **check bypassed**\n\n### Impact\n\nArbitrary file read: any file readable by the process can be returned as rendered template content when an application passes untrusted input directly to `TemplateLookup.get_template()`.\n\nNote: this is exploitable at the library API level. HTTP-based exploitation is mitigated by Python\u0027s `BaseHTTPRequestHandler` which normalizes double-slash prefixes since CPython gh-87389. Applications using other HTTP servers that do not normalize paths may be affected.\n\n### Fix\n\nChanged `Template.__init__` to use `lstrip(\"/\")` instead of stripping only a single leading slash, so both code paths handle leading slashes consistently.",
"id": "GHSA-v92g-xgxw-vvmm",
"modified": "2026-06-05T14:13:04Z",
"published": "2026-04-16T21:16:40Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sqlalchemy/mako/security/advisories/GHSA-v92g-xgxw-vvmm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41205"
},
{
"type": "WEB",
"url": "https://github.com/sqlalchemy/mako/commit/e05ac61989a7fb9dd7dcde6cfd72dc48328719a3"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/mako/PYSEC-2026-88.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/sqlalchemy/mako"
},
{
"type": "WEB",
"url": "https://github.com/sqlalchemy/mako/releases/tag/rel_1_3_11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Mako: Path traversal via double-slash URI prefix in TemplateLookup"
}
MSRC_CVE-2026-41205
Vulnerability from csaf_microsoft - Published: 2026-04-02 00:00 - Updated: 2026-05-06 14:39Summary
Mako: Path traversal via double-slash URI prefix in TemplateLookup
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
CWE-22
- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 21311-17084 | — | ||
| Unresolved product id: 21238-17084 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-41205 Mako: Path traversal via double-slash URI prefix in TemplateLookup - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-41205.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Mako: Path traversal via double-slash URI prefix in TemplateLookup",
"tracking": {
"current_release_date": "2026-05-06T14:39:00.000Z",
"generator": {
"date": "2026-05-07T08:29:04.875Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-41205",
"initial_release_date": "2026-04-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-04-25T01:05:53.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-04-26T01:04:47.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
},
{
"date": "2026-04-27T14:39:53.000Z",
"legacy_version": "3",
"number": "3",
"summary": "Information published."
},
{
"date": "2026-05-06T01:41:40.000Z",
"legacy_version": "4",
"number": "4",
"summary": "Information published."
},
{
"date": "2026-05-06T14:39:00.000Z",
"legacy_version": "5",
"number": "5",
"summary": "Information published."
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 python-mako 0:1.2.4-3.azl3",
"product": {
"name": "\u003cazl3 python-mako 0:1.2.4-3.azl3",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 python-mako 0:1.2.4-3.azl3",
"product": {
"name": "azl3 python-mako 0:1.2.4-3.azl3",
"product_id": "21311"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 python-mako 0:1.2.4-2.azl3",
"product": {
"name": "\u003cazl3 python-mako 0:1.2.4-2.azl3",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "azl3 python-mako 0:1.2.4-2.azl3",
"product": {
"name": "azl3 python-mako 0:1.2.4-2.azl3",
"product_id": "21238"
}
},
{
"category": "product_version_range",
"name": "cbl2 python-mako 0:1.2.2-2.cbl2",
"product": {
"name": "cbl2 python-mako 0:1.2.2-2.cbl2",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "python-mako"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 python-mako 0:1.2.4-3.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-mako 0:1.2.4-3.azl3 as a component of Azure Linux 3.0",
"product_id": "21311-17084"
},
"product_reference": "21311",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 python-mako 0:1.2.4-2.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-mako 0:1.2.4-2.azl3 as a component of Azure Linux 3.0",
"product_id": "21238-17084"
},
"product_reference": "21238",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 python-mako 0:1.2.2-2.cbl2 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-41205",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"21311-17084",
"21238-17084"
],
"known_affected": [
"17084-1",
"17084-3",
"17086-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-41205 Mako: Path traversal via double-slash URI prefix in TemplateLookup - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-41205.json"
}
],
"remediations": [
{
"category": "none_available",
"date": "2026-04-25T01:05:53.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-2"
]
},
{
"category": "vendor_fix",
"date": "2026-04-25T01:05:53.000Z",
"details": "0:1.2.4-3.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-1",
"17084-3"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"title": "Mako: Path traversal via double-slash URI prefix in TemplateLookup"
}
]
}
OPENSUSE-SU-2026:20645-1
Vulnerability from csaf_opensuse - Published: 2026-04-29 08:17 - Updated: 2026-04-29 08:17Summary
Security update for python-Mako
Severity
Important
Notes
Title of the patch: Security update for python-Mako
Description of the patch: This update for python-Mako fixes the following issue:
- CVE-2026-41205: Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal (bsc#1262716).
Patchnames: openSUSE-Leap-16.0-653
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:python313-Mako-1.3.10-160000.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
6 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://bugzilla.suse.com/1262716 | self |
| https://www.suse.com/security/cve/CVE-2026-41205/ | self |
| https://www.suse.com/security/cve/CVE-2026-41205 | external |
| https://bugzilla.suse.com/1262716 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-Mako",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-Mako fixes the following issue:\n\n- CVE-2026-41205: Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal (bsc#1262716).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-653",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20645-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1262716",
"url": "https://bugzilla.suse.com/1262716"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41205 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41205/"
}
],
"title": "Security update for python-Mako",
"tracking": {
"current_release_date": "2026-04-29T08:17:18Z",
"generator": {
"date": "2026-04-29T08:17:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20645-1",
"initial_release_date": "2026-04-29T08:17:18Z",
"revision_history": [
{
"date": "2026-04-29T08:17:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python313-Mako-1.3.10-160000.3.1.noarch",
"product": {
"name": "python313-Mako-1.3.10-160000.3.1.noarch",
"product_id": "python313-Mako-1.3.10-160000.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Mako-1.3.10-160000.3.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:python313-Mako-1.3.10-160000.3.1.noarch"
},
"product_reference": "python313-Mako-1.3.10-160000.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-41205",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41205"
}
],
"notes": [
{
"category": "general",
"text": "Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be returned as rendered template content when an application passes untrusted input directly to TemplateLookup.get_template(). This vulnerability is fixed in 1.3.11.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:python313-Mako-1.3.10-160000.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41205",
"url": "https://www.suse.com/security/cve/CVE-2026-41205"
},
{
"category": "external",
"summary": "SUSE Bug 1262716 for CVE-2026-41205",
"url": "https://bugzilla.suse.com/1262716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:python313-Mako-1.3.10-160000.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:python313-Mako-1.3.10-160000.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T08:17:18Z",
"details": "important"
}
],
"title": "CVE-2026-41205"
}
]
}
PYSEC-2026-88
Vulnerability from pysec - Published: 2026-04-23 19:17 - Updated: 2026-05-20 09:19
VLAI
Details
Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be returned as rendered template content when an application passes untrusted input directly to TemplateLookup.get_template(). This vulnerability is fixed in 1.3.11.
Severity
7.5 (High)
Impacted products
| Name | purl | mako | pkg:pypi/mako |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "mako",
"purl": "pkg:pypi/mako"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.11"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.1.0",
"0.1.1",
"0.1.10",
"0.1.2",
"0.1.3",
"0.1.4",
"0.1.5",
"0.1.6",
"0.1.7",
"0.1.8",
"0.1.9",
"0.2.0",
"0.2.1",
"0.2.2",
"0.2.3",
"0.2.4",
"0.2.5",
"0.3.0",
"0.3.1",
"0.3.2",
"0.3.3",
"0.3.4",
"0.3.5",
"0.3.6",
"0.4.0",
"0.4.1",
"0.4.2",
"0.5.0",
"0.6.0",
"0.6.1",
"0.6.2",
"0.7.0",
"0.7.1",
"0.7.2",
"0.7.3",
"0.8.0",
"0.8.1",
"0.9.0",
"0.9.1",
"1.0.0",
"1.0.1",
"1.0.10",
"1.0.11",
"1.0.12",
"1.0.13",
"1.0.14",
"1.0.2",
"1.0.3",
"1.0.4",
"1.0.5",
"1.0.6",
"1.0.7",
"1.0.8",
"1.0.9",
"1.1.0",
"1.1.1",
"1.1.2",
"1.1.3",
"1.1.4",
"1.1.5",
"1.1.6",
"1.2.0",
"1.2.1",
"1.2.2",
"1.2.3",
"1.2.4",
"1.3.0",
"1.3.1",
"1.3.10",
"1.3.2",
"1.3.3",
"1.3.4",
"1.3.5",
"1.3.6",
"1.3.7",
"1.3.8",
"1.3.9"
]
}
],
"aliases": [
"CVE-2026-41205",
"GHSA-v92g-xgxw-vvmm"
],
"details": "Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be returned as rendered template content when an application passes untrusted input directly to TemplateLookup.get_template(). This vulnerability is fixed in 1.3.11.",
"id": "PYSEC-2026-88",
"modified": "2026-05-20T09:19:06.232960Z",
"published": "2026-04-23T19:17:29.270Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/sqlalchemy/mako/security/advisories/GHSA-v92g-xgxw-vvmm"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
SUSE-SU-2026:1819-1
Vulnerability from csaf_suse - Published: 2026-05-12 07:59 - Updated: 2026-05-12 07:59Summary
Security update for python-Mako
Severity
Important
Notes
Title of the patch: Security update for python-Mako
Description of the patch: This update for python-Mako fixes the following issue:
- CVE-2026-41205: Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal (bsc#1262716).
Patchnames: SUSE-2026-1819,SUSE-SLE-Module-Python3-15-SP7-2026-1819,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1819,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1819
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python311-Mako-1.3.0-150600.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:python311-Mako-1.3.0-150600.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-Mako-1.3.0-150600.3.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
8 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/s… | self |
| https://www.suse.com/support/update/announcement/… | self |
| https://lists.suse.com/pipermail/sle-updates/2026… | self |
| https://bugzilla.suse.com/1262716 | self |
| https://www.suse.com/security/cve/CVE-2026-41205/ | self |
| https://www.suse.com/security/cve/CVE-2026-41205 | external |
| https://bugzilla.suse.com/1262716 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-Mako",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-Mako fixes the following issue:\n\n- CVE-2026-41205: Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal (bsc#1262716).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1819,SUSE-SLE-Module-Python3-15-SP7-2026-1819,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1819,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1819",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1819-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1819-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261819-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1819-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-May/046420.html"
},
{
"category": "self",
"summary": "SUSE Bug 1262716",
"url": "https://bugzilla.suse.com/1262716"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41205 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41205/"
}
],
"title": "Security update for python-Mako",
"tracking": {
"current_release_date": "2026-05-12T07:59:09Z",
"generator": {
"date": "2026-05-12T07:59:09Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1819-1",
"initial_release_date": "2026-05-12T07:59:09Z",
"revision_history": [
{
"date": "2026-05-12T07:59:09Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-Mako-1.3.0-150600.3.3.1.noarch",
"product": {
"name": "python311-Mako-1.3.0-150600.3.3.1.noarch",
"product_id": "python311-Mako-1.3.0-150600.3.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Python 3 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-python3:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Mako-1.3.0-150600.3.3.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python311-Mako-1.3.0-150600.3.3.1.noarch"
},
"product_reference": "python311-Mako-1.3.0-150600.3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Mako-1.3.0-150600.3.3.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:python311-Mako-1.3.0-150600.3.3.1.noarch"
},
"product_reference": "python311-Mako-1.3.0-150600.3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Mako-1.3.0-150600.3.3.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-Mako-1.3.0-150600.3.3.1.noarch"
},
"product_reference": "python311-Mako-1.3.0-150600.3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-41205",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41205"
}
],
"notes": [
{
"category": "general",
"text": "Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be returned as rendered template content when an application passes untrusted input directly to TemplateLookup.get_template(). This vulnerability is fixed in 1.3.11.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:python311-Mako-1.3.0-150600.3.3.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:python311-Mako-1.3.0-150600.3.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-Mako-1.3.0-150600.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41205",
"url": "https://www.suse.com/security/cve/CVE-2026-41205"
},
{
"category": "external",
"summary": "SUSE Bug 1262716 for CVE-2026-41205",
"url": "https://bugzilla.suse.com/1262716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:python311-Mako-1.3.0-150600.3.3.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:python311-Mako-1.3.0-150600.3.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-Mako-1.3.0-150600.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:python311-Mako-1.3.0-150600.3.3.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:python311-Mako-1.3.0-150600.3.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-Mako-1.3.0-150600.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-12T07:59:09Z",
"details": "important"
}
],
"title": "CVE-2026-41205"
}
]
}
SUSE-SU-2026:1820-1
Vulnerability from csaf_suse - Published: 2026-05-12 07:59 - Updated: 2026-05-12 07:59Summary
Security update for python-Mako
Severity
Important
Notes
Title of the patch: Security update for python-Mako
Description of the patch: This update for python-Mako fixes the following issue:
- CVE-2026-41205: Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal (bsc#1262716).
Patchnames: SUSE-2026-1820,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1820,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1820,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1820,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1820,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1820,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1820,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1820,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1820
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-Mako-1.0.7-150000.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-Mako-1.0.7-150000.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python3-Mako-1.0.7-150000.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python3-Mako-1.0.7-150000.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:python3-Mako-1.0.7-150000.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:python3-Mako-1.0.7-150000.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-Mako-1.0.7-150000.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:python3-Mako-1.0.7-150000.3.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
8 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/s… | self |
| https://www.suse.com/support/update/announcement/… | self |
| https://lists.suse.com/pipermail/sle-updates/2026… | self |
| https://bugzilla.suse.com/1262716 | self |
| https://www.suse.com/security/cve/CVE-2026-41205/ | self |
| https://www.suse.com/security/cve/CVE-2026-41205 | external |
| https://bugzilla.suse.com/1262716 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-Mako",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-Mako fixes the following issue:\n\n- CVE-2026-41205: Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal (bsc#1262716).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1820,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1820,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1820,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1820,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1820,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1820,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1820,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1820,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1820",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1820-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1820-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261820-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1820-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-May/046419.html"
},
{
"category": "self",
"summary": "SUSE Bug 1262716",
"url": "https://bugzilla.suse.com/1262716"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41205 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41205/"
}
],
"title": "Security update for python-Mako",
"tracking": {
"current_release_date": "2026-05-12T07:59:56Z",
"generator": {
"date": "2026-05-12T07:59:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1820-1",
"initial_release_date": "2026-05-12T07:59:56Z",
"revision_history": [
{
"date": "2026-05-12T07:59:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python2-Mako-1.0.7-150000.3.6.1.noarch",
"product": {
"name": "python2-Mako-1.0.7-150000.3.6.1.noarch",
"product_id": "python2-Mako-1.0.7-150000.3.6.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-Mako-1.0.7-150000.3.6.1.noarch",
"product": {
"name": "python3-Mako-1.0.7-150000.3.6.1.noarch",
"product_id": "python3-Mako-1.0.7-150000.3.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Mako-1.0.7-150000.3.6.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-Mako-1.0.7-150000.3.6.1.noarch"
},
"product_reference": "python3-Mako-1.0.7-150000.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Mako-1.0.7-150000.3.6.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-Mako-1.0.7-150000.3.6.1.noarch"
},
"product_reference": "python3-Mako-1.0.7-150000.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Mako-1.0.7-150000.3.6.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python3-Mako-1.0.7-150000.3.6.1.noarch"
},
"product_reference": "python3-Mako-1.0.7-150000.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Mako-1.0.7-150000.3.6.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python3-Mako-1.0.7-150000.3.6.1.noarch"
},
"product_reference": "python3-Mako-1.0.7-150000.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Mako-1.0.7-150000.3.6.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:python3-Mako-1.0.7-150000.3.6.1.noarch"
},
"product_reference": "python3-Mako-1.0.7-150000.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Mako-1.0.7-150000.3.6.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:python3-Mako-1.0.7-150000.3.6.1.noarch"
},
"product_reference": "python3-Mako-1.0.7-150000.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Mako-1.0.7-150000.3.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-Mako-1.0.7-150000.3.6.1.noarch"
},
"product_reference": "python3-Mako-1.0.7-150000.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Mako-1.0.7-150000.3.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:python3-Mako-1.0.7-150000.3.6.1.noarch"
},
"product_reference": "python3-Mako-1.0.7-150000.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-41205",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41205"
}
],
"notes": [
{
"category": "general",
"text": "Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be returned as rendered template content when an application passes untrusted input directly to TemplateLookup.get_template(). This vulnerability is fixed in 1.3.11.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-Mako-1.0.7-150000.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-Mako-1.0.7-150000.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python3-Mako-1.0.7-150000.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python3-Mako-1.0.7-150000.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python3-Mako-1.0.7-150000.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:python3-Mako-1.0.7-150000.3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-Mako-1.0.7-150000.3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:python3-Mako-1.0.7-150000.3.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41205",
"url": "https://www.suse.com/security/cve/CVE-2026-41205"
},
{
"category": "external",
"summary": "SUSE Bug 1262716 for CVE-2026-41205",
"url": "https://bugzilla.suse.com/1262716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-Mako-1.0.7-150000.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-Mako-1.0.7-150000.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python3-Mako-1.0.7-150000.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python3-Mako-1.0.7-150000.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python3-Mako-1.0.7-150000.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:python3-Mako-1.0.7-150000.3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-Mako-1.0.7-150000.3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:python3-Mako-1.0.7-150000.3.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-Mako-1.0.7-150000.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-Mako-1.0.7-150000.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python3-Mako-1.0.7-150000.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python3-Mako-1.0.7-150000.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python3-Mako-1.0.7-150000.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:python3-Mako-1.0.7-150000.3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-Mako-1.0.7-150000.3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:python3-Mako-1.0.7-150000.3.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-12T07:59:56Z",
"details": "important"
}
],
"title": "CVE-2026-41205"
}
]
}
SUSE-SU-2026:21426-1
Vulnerability from csaf_suse - Published: 2026-04-29 08:17 - Updated: 2026-04-29 08:17Summary
Security update for python-Mako
Severity
Important
Notes
Title of the patch: Security update for python-Mako
Description of the patch: This update for python-Mako fixes the following issue:
- CVE-2026-41205: Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal (bsc#1262716).
Patchnames: SUSE-SLES-16.0-653
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:python313-Mako-1.3.10-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:python313-Mako-1.3.10-160000.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
8 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/s… | self |
| https://www.suse.com/support/update/announcement/… | self |
| https://lists.suse.com/pipermail/sle-security-upd… | self |
| https://bugzilla.suse.com/1262716 | self |
| https://www.suse.com/security/cve/CVE-2026-41205/ | self |
| https://www.suse.com/security/cve/CVE-2026-41205 | external |
| https://bugzilla.suse.com/1262716 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-Mako",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-Mako fixes the following issue:\n\n- CVE-2026-41205: Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal (bsc#1262716).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-653",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21426-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21426-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621426-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21426-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025824.html"
},
{
"category": "self",
"summary": "SUSE Bug 1262716",
"url": "https://bugzilla.suse.com/1262716"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41205 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41205/"
}
],
"title": "Security update for python-Mako",
"tracking": {
"current_release_date": "2026-04-29T08:17:04Z",
"generator": {
"date": "2026-04-29T08:17:04Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21426-1",
"initial_release_date": "2026-04-29T08:17:04Z",
"revision_history": [
{
"date": "2026-04-29T08:17:04Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python313-Mako-1.3.10-160000.3.1.noarch",
"product": {
"name": "python313-Mako-1.3.10-160000.3.1.noarch",
"product_id": "python313-Mako-1.3.10-160000.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Mako-1.3.10-160000.3.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:python313-Mako-1.3.10-160000.3.1.noarch"
},
"product_reference": "python313-Mako-1.3.10-160000.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Mako-1.3.10-160000.3.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:python313-Mako-1.3.10-160000.3.1.noarch"
},
"product_reference": "python313-Mako-1.3.10-160000.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-41205",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41205"
}
],
"notes": [
{
"category": "general",
"text": "Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be returned as rendered template content when an application passes untrusted input directly to TemplateLookup.get_template(). This vulnerability is fixed in 1.3.11.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:python313-Mako-1.3.10-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-Mako-1.3.10-160000.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41205",
"url": "https://www.suse.com/security/cve/CVE-2026-41205"
},
{
"category": "external",
"summary": "SUSE Bug 1262716 for CVE-2026-41205",
"url": "https://bugzilla.suse.com/1262716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:python313-Mako-1.3.10-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-Mako-1.3.10-160000.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:python313-Mako-1.3.10-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-Mako-1.3.10-160000.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T08:17:04Z",
"details": "important"
}
],
"title": "CVE-2026-41205"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…