PT-2026-34725 · Pypi+2 · Mako+2

0Xhunsec · Published 2026-04-16 · Updated 2026-05-20 · CVE-2026-41205

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Mako versions prior to 1.3.11

Description

Mako is a template library written in Python. The get_template() function within TemplateLookup is susceptible to path traversal when a URI begins with //. This occurs due to an inconsistency between two slash-stripping implementations. If an application passes untrusted input directly to get_template(), any file readable by the process can be returned as rendered template content.

Recommendations

Update to version 1.3.11.
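
For applications that pass request-derived names to get_template(), a validation layer in front of the lookup is a useful second control alongside the upgrade. The following is an added example, not code from Mako or from this advisory; the names safe_template_uri, get_untrusted_template and UnsafeTemplateName are hypothetical, and it assumes a single template root with POSIX-style paths and no symlinks.

```python
import posixpath


class UnsafeTemplateName(ValueError):
    """Raised when a requested template name is rejected."""


def safe_template_uri(name, template_dir):
    """Validate an untrusted template name and return a canonical URI.

    Assumptions: one template root, given as a POSIX-style path, and no
    symlinks inside it (string checks only, nothing touches the disk).
    """
    if not isinstance(name, str) or not name:
        raise UnsafeTemplateName("empty or non-string name")
    if "\x00" in name or "\\" in name:
        raise UnsafeTemplateName("NUL byte or backslash in name")
    # Canonicalise exactly once: drop every leading slash, then normalise,
    # so no later step can interpret the leading slashes differently.
    relative = posixpath.normpath(name.lstrip("/"))
    if relative in (".", "..") or relative.startswith("../"):
        raise UnsafeTemplateName("name resolves outside the template root")
    # Independent containment check on the final joined path.
    root = posixpath.normpath(template_dir)
    target = posixpath.normpath(posixpath.join(root, relative))
    if posixpath.commonpath([root, target]) != root:
        raise UnsafeTemplateName("name resolves outside the template root")
    return "/" + relative


def get_untrusted_template(lookup, name, template_dir):
    """Call lookup.get_template() only with a validated, canonical URI."""
    return lookup.get_template(safe_template_uri(name, template_dir))
```

The returned URI always has exactly one leading slash and no ".." segments, so the lookup never receives the // form described above.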

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2026-41205
ECHO-0E1E-5A56-ED2D
GHSA-V92G-XGXW-VVMM
OPENSUSE-SU-2026:10616-1
PYSEC-2026-88
USN-8234-1

Affected Products

Linuxmint
Mako
Ubuntu