PT-2026-30017 · Pandas+5 · Pandas+5

Qiaonpc

Published

2026-04-03

Updated

2026-05-02

CVE-2026-35052

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions D-Tale versions prior to 3.22.0

Description D-Tale, comprising a Flask back-end and a React front-end for viewing and analyzing Pandas data structures, had a remote code execution issue. Hosting D-Tale publicly with a redis or shelf storage layer could allow attackers to execute malicious code on the server.

Recommendations Upgrade to version 3.22.0.

Fix

RCE

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2026-35052

GHSA-436G-FHFC-9G5W

Affected Products

D-Tale

Flask

Pandas

React

Redis

Shelf

PT-2026-30017 · Pandas+5 · Pandas+5

CVE-2026-35052

Weakness Enumeration

Related Identifiers

Affected Products

References · 6