CVE-2026-35052

CVSS v4.0

5.3

Medium

AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Impact

Users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the server.

Patches

Users should upgrade to version 3.22.0.

Workarounds

There are no workarounds for versions < 3.22.0

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2026-35052

GHSA-436G-FHFC-9G5W

Affected Products

D-Tale

CVE-2026-35052

Impact

Patches

Workarounds

Weakness Enumeration

Related Identifiers

Affected Products

References · 3