CNNVD-202602-939 Information

CNNVD ID

CNNVD-202602-939

CVE-2026-25732

  • CNNVD Published: 2026-02-06

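Description (translated from Chinese)

NiceGUI is an easy-to-use, Python-based UI framework open-sourced by NiceGUI. Versions of NiceGUI before 3.7.0 contain a path traversal vulnerability. It arises because the FileUpload.name property does not sanitize client-supplied filename metadata, which may lead to path traversal and remote code execution.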

Description (English)

NiceGUI is an easy-to-use, Python-based open-source UI framework. NiceGUI versions before 3.7.0 have a path traversal vulnerability that originates from the FileUpload.name attribute, which does not sanitize the file name metadata provided by the client. This may lead to path traversal and remote code execution.

Hazard Level

High

Vulnerability Type

Path traversal

Affected Vendor

NiceGUI

Published

2026-02-06

Last Modified

2026-02-24

References

  • https://github.com/zauberzeug/nicegui/blob/main/nicegui/elements/upload_files.py#L110-L115
  • https://github.com/zauberzeug/nicegui/blob/main/nicegui/elements/upload_files.py#L79-L82
  • https://github.com/zauberzeug/nicegui/security/advisories/GHSA-9ffm-fxg3-xrhh
  • https://access.redhat.com/security/cve/cve-2026-25732

Patch

https://github.com/zauberzeug/nicegui/releases
