CVE-2026-38360

Published
View on NVD ↗
CVSS v3
9.8
CRITICAL
CVSS v2
N/A
Affected
3
PROJECTS

Description

Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, aseHttpRequestHandler.get_temp_root(), BaseHttpRequestHandler._post() components

fohrloop/dash-uploader
fohrloop/dash-uploader
The alternative upload component for python Dash applications.
GitHubGitHub
154
dash-uploader
dash-uploader
Upload large files using resumable.js
Python Package IndexPython Package Index
a1ohadance/CVE-2026-38360
a1ohadance/CVE-2026-38360
Advisory: CVE-2026-38360 path traversal (CWE-22) in dash-uploader (Python/PyPI)
GitHubGitHub
2