CVE-2026-49136

7.5 HIGH

Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generate_image() function within t...

Published: 2026-06-01 · Last updated: 2026-06-02

Severity and scoring

CVSS: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-22

Description

Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generate_image() function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplete path prefix check using os.path.startswith() without a trailing separator. Attackers can supply crafted markdown image references in user-controlled page descriptions that resolve to sibling directories whose names share the uploads folder prefix, bypassing the directory confinement check and causing the application to read files from unintended locations via PIL Image.open().

Source: NVD

References

Related CVEs

Same CWE

CVE-2026-12211 — A flaw has been found in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26 (2.7 LOW)
CVE-2026-12198 — A weakness has been identified in Microweber up to 2.0.20 (7.3 HIGH)
CVE-2026-12089 — The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, an... (4.9 MEDIUM)
CVE-2026-11442 — Allegra exportReport Directory Traversal Information Disclosure Vulnerability (6.5 MEDIUM)
CVE-2026-53825 — OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gatewa... (6.5 MEDIUM)