PT-2026-31032 · Emmett · Emmett

Gi0Baro · Published 2026-04-07 · Updated 2026-04-07 · CVE-2026-39847

CVSS v3.1: 9.1 Critical (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)

Name of the Vulnerable Software and Affected Versions: Emmett versions 2.5.0 through 2.8.0

Description: Emmett, a full-stack Python web framework, contains a path traversal flaw in its RSGI static handler for internal assets (/__emmett__ paths). An attacker can use '../' sequences in requests, such as '/__emmett__/../rsgi/handlers.py', to read arbitrary files outside the intended assets directory.

Recommendations: Upgrade to version 2.8.1 to resolve this issue.
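
The weakness class in the description, shown as an added example that is not Emmett's code or its 2.8.1 fix: a static resolver that joins the request path onto the assets directory without a containment check, next to one that resolves the path and refuses anything outside that directory. The function names, the directory layout and the `/__emmett__/` prefix constant are assumptions made for the illustration.

```python
import os
import tempfile

# Assumption: internal assets are served under this URL prefix.
ASSET_PREFIX = "/__emmett__/"

def naive_resolve(assets_dir, url_path):
    """Weak pattern: strip the prefix and join, with no containment check."""
    rel = url_path[len(ASSET_PREFIX):]
    return os.path.normpath(os.path.join(assets_dir, rel))

def safe_resolve(assets_dir, url_path):
    """Return the asset's real path, or None if it falls outside assets_dir."""
    if not url_path.startswith(ASSET_PREFIX):
        return None
    base = os.path.realpath(assets_dir)
    # realpath collapses '../' and follows symlinks before the comparison.
    target = os.path.realpath(os.path.join(base, url_path[len(ASSET_PREFIX):]))
    try:
        inside = os.path.commonpath([base, target]) == base
    except ValueError:  # e.g. different drives on Windows
        inside = False
    return target if inside and os.path.isfile(target) else None

def demo():
    """Compare both resolvers on a constructed directory tree."""
    with tempfile.TemporaryDirectory() as root:
        assets = os.path.join(root, "assets")
        os.makedirs(assets)
        os.makedirs(os.path.join(root, "rsgi"))
        asset = os.path.join(assets, "app.js")
        outside = os.path.join(root, "rsgi", "handlers.py")
        for path in (asset, outside):
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        request = ASSET_PREFIX + "../rsgi/handlers.py"  # path from the advisory
        naive = naive_resolve(assets, request)
        return {
            "naive_escapes": not naive.startswith(assets + os.sep),
            "naive_hits_file": os.path.isfile(naive),
            "safe_rejects": safe_resolve(assets, request) is None,
            "safe_serves_asset": safe_resolve(assets, ASSET_PREFIX + "app.js")
            == os.path.realpath(asset),
        }

if __name__ == "__main__":
    print(demo())
```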

Fix

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2026-39847

Affected Products: Emmett