CNNVD-202601-1404 Information

CNNVD ID

CNNVD-202601-1404

CVE-2026-21860

  • CNNVD Published: 2026-01-08

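Description (translated from Chinese)

Werkzeug is a comprehensive WSGI web application library, open-sourced by Pallets. Versions of Werkzeug before 3.1.5 contain a security vulnerability: the safe_join function allows path segments that contain Windows device names, which may lead to security issues.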

Description (English)

Werkzeug is a comprehensive WSGI web application library, open-sourced by Pallets. Versions of Werkzeug before 3.1.5 contain a security vulnerability that stems from the safe_join function allowing path segments that contain Windows device names, which could lead to security problems.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Pallets

Published

2026-01-08

Last Modified

2026-02-24

References

  • https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7
  • https://github.com/pallets/werkzeug/commit/7ae1d254e04a0c33e241ac1cca4783ce6c875ca3
  • https://access.redhat.com/security/cve/cve-2026-21860

Patch

https://github.com/pallets/werkzeug/releases
