EXECUTIVE SUMMARY:
CVE-2026-27199 is a moderate severity vulnerability with a CVSS score of 6.3 affecting Werkzeug versions prior to 3.1.6. The safe_join() function fails to properly handle Windows special device names when they appear as part of a multi-segment path, allowing filenames like example/NUL to bypass filtering. These impacts applications using send_from_directory to serve user-specified files, where a request ending with a special device name may cause the file to open but hang indefinitely when read. The issue was previously reported under GHSA-hgf8-39gv-g3f2 and has been fixed in version 3.1.6.[/subscribe_to_unlock_form]
EXECUTIVE SUMMARY:
CVE-2026-27199 is a moderate severity vulnerability with a CVSS score of 6.3 affecting Werkzeug versions prior to 3.1.6. The safe_join() function fails to properly handle Windows special device names when they appear as part of a multi-segment path, allowing filenames like example/NUL to bypass filtering. These impacts applications using send_from_directory to serve user-specified files, where a request ending with a special device name may cause the file to open but hang indefinitely when read. The issue was previously reported under GHSA-hgf8-39gv-g3f2 and has been fixed in version 3.1.6.[emaillocker id="1283"]
RECOMMENDATION:
We strongly recommend update Werkzeug to version 3.1.6.
REFERENCES:
The following reports contain further technical details:
[/emaillocker]