CVE-2026-27199 | Pallets Werkzeug up to 3.1.5 send_from_directory windows device name (GHSA-29vq-49wr-vm6x)

Inserito da Angelo Barbosa | Feb 21, 2026 | CVE

A vulnerability categorized as problematic has been discovered in Pallets Werkzeug up to 3.1.5. Affected by this vulnerability is the function send_from_directory. The manipulation results in improper handling of windows device names.

This vulnerability is reported as CVE-2026-27199. The attack can be launched remotely. No exploit exists.

It is advisable to upgrade the affected component.

CVE-2026-27199 | Pallets Werkzeug up to 3.1.5 send_from_directory windows device name (GHSA-29vq-49wr-vm6x)

Post correlati

CVE-2025-49514 | Moodle DNS dns rebinding

CVE-2024-7919 | Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805 GetDataList access control

CVE-2025-6917 | code-projects Online Hotel Booking 1.0 /admin/registration.php uname sql injection

CVE-2024-8162 | TOTOLINK T10 AC1200 4.1.8cu.5207 Telnet Service product.ini hard-coded credentials