CVE-2026-44307

Name of the Vulnerable Software and Affected Versions Mako (affected versions not specified)

Description On Windows, a path traversal issue exists where URIs using backslash traversal (e.g., ....secret.txt) can bypass directory traversal checks in Template. init and normalization in TemplateLookup.get template(). This occurs due to a mismatch between posixpath, which treats backslashes as literal characters, and os.path (specifically ntpath on Windows), which treats them as path separators. An attacker can exploit this by passing user-controlled template names or include paths to the get template() function, potentially leading to the disclosure of files outside the configured template directory. If the accessed file contains Mako or Python template syntax, it may be parsed and executed.

Recommendations Normalize backslashes to forward slashes early in the URI processing pipeline, before any path operations, to ensure consistent behavior across platforms.