Werkzeug safe_join() allows Windows special device names
Description
Werkzeug is a comprehensive WSGI web application library. In versions 3.1.5 and below, the safe_join function allows Windows device names as filenames if they are preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the filtering added for that report failed to account for the fact that safe_join accepts paths with multiple segments, such as example/NUL. The function send_from_directory uses safe_join to safely serve files at user-specified paths under a directory. If the application is running on Windows and the requested path ends with a special device name, the file will be opened successfully, but reading from it will hang indefinitely. This issue has been fixed in version 3.1.6.
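The gap the advisory describes is a check applied to the whole argument instead of to each of its segments. The following is an added illustration, not Werkzeug's own code: a simplified safe_join-style function whose device-name filter runs on every "/"-separated segment after normalisation, shown next to the whole-argument check that lets "example/NUL" through. The reserved-name table is assumed from Microsoft's documented list (CON, PRN, AUX, NUL, COM1-9, LPT1-9); the function names and the rejection of backslash and colon are this example's own choices.

```python
"""Per-segment rejection of Windows reserved device names in a
safe_join-style path check. Added illustration, not Werkzeug's own code."""
import posixpath
from typing import Optional

# Assumed list of Windows reserved device names (Werkzeug keeps its own table).
WINDOWS_DEVICE_FILES = frozenset(
    ["CON", "PRN", "AUX", "NUL"]
    + [f"COM{i}" for i in range(1, 10)]
    + [f"LPT{i}" for i in range(1, 10)]
)


def is_windows_device_name(segment: str) -> bool:
    """True if ONE path segment resolves to a device on Windows.

    Windows matches reserved names on the stem only, ignoring an extension
    ("NUL.txt") and trailing spaces or dots ("CON ", "AUX."), and the match
    is case-insensitive, so compare the upper-cased stem.
    """
    stem = segment.split(".", 1)[0].rstrip(" ")
    return stem.upper() in WINDOWS_DEVICE_FILES


def has_device_name_whole_argument(pathname: str) -> bool:
    """The incomplete pattern the advisory describes: the whole argument is
    tested as if it were a single filename, so a multi-segment value such as
    "example/NUL" never matches."""
    return is_windows_device_name(pathname)


def has_device_name_any_segment(pathname: str) -> bool:
    """The corrected check: every "/"-separated segment is tested."""
    return any(is_windows_device_name(seg) for seg in pathname.split("/"))


def safe_join(directory: str, *pathnames: str) -> Optional[str]:
    """Join untrusted path components under `directory`, or return None.

    Simplified re-implementation for illustration. Rejects backslashes and
    colons (Windows alternate separator, drive and stream syntax), absolute
    paths, parent-directory escapes, and any segment naming a Windows device.
    The device check runs AFTER normpath so "a/../NUL" is seen as "NUL".
    """
    if not directory:
        directory = "."
    parts = [directory]
    for filename in pathnames:
        if filename != "":
            filename = posixpath.normpath(filename)
        if (
            "\\" in filename
            or ":" in filename
            or posixpath.isabs(filename)
            or filename == ".."
            or filename.startswith("../")
            or has_device_name_any_segment(filename)
        ):
            return None
        parts.append(filename)
    return posixpath.join(*parts)


if __name__ == "__main__":
    for p in ("css/app.css", "NUL", "example/NUL", "img/nul.txt", "nulls.txt"):
        print(
            f"{p!r:16} whole-argument: {has_device_name_whole_argument(p)!s:5} "
            f"per-segment: {has_device_name_any_segment(p)!s:5} "
            f"safe_join -> {safe_join('static', p)!r}"
        )
```

Running the block on any platform shows the difference without touching the filesystem: the whole-argument check accepts "example/NUL" while the per-segment check rejects it, and the join also refuses "img/nul.txt" and "a/../aux." because the stem, not the full name, decides whether Windows treats the entry as a device. A deployment that cannot upgrade past 3.1.5 can apply the same per-segment test to the request path before calling send_from_directory.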
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| werkzeug (PyPI) | < 3.1.6 | 3.1.6 |
Affected products
35 affected product ranges (none has a CPE assigned). Ranges are listed in the order the source gives them, paired with the package URLs in the same order.
| Product (purl) | Affected range |
|---|---|
| pkg:apk/chainguard/airflow-2 | < 2.11.1-r0 |
| pkg:apk/chainguard/airflow-3 | < 3.2.0-r0 |
| pkg:apk/chainguard/airflow-core-2 | < 2.11.1-r0 |
| pkg:apk/chainguard/kubeflow-pipelines-visualization-server | < 2.16.0-r1 |
| pkg:apk/chainguard/kubeflow-volumes-web-app | < 1.10.0-r11 |
| pkg:apk/chainguard/litellm | < 1.81.12.1-r0 |
| pkg:apk/chainguard/localstack | < 4.13.1-r2 |
| pkg:apk/chainguard/mlflow | < 3.9.0-r1 |
| pkg:apk/chainguard/mlflow-iamguarded-compat | < 3.9.0-r1 |
| pkg:apk/chainguard/open-webui | < 0.8.3-r1 |
| pkg:apk/chainguard/py3.10-ambassador | < 3.10.0-r20 |
| pkg:apk/chainguard/py3.11-ambassador | < 3.10.0-r20 |
| pkg:apk/chainguard/py3.11-azure-functions-worker | < 4.43.0-r0 |
| pkg:apk/chainguard/py3.12-ambassador | < 3.10.0-r20 |
| pkg:apk/chainguard/py3.12-azure-functions-worker | < 4.43.0-r0 |
| pkg:apk/chainguard/py3.13-ambassador | < 3.10.0-r20 |
| pkg:apk/chainguard/py3.13-azure-functions-worker | < 4.43.0-r0 |
| pkg:apk/chainguard/superset-5.0 | < 5.0.0-r19 |
| pkg:apk/chainguard/superset-6.0 | < 6.0.0-r3 |
| pkg:apk/chainguard/tensorflow-cpu-jupyter | < 2.20.0-r12 |
| pkg:apk/chainguard/tensorflow-gpu-jupyter | < 2.20.0-r11 |
| pkg:apk/wolfi/airflow-3 | < 3.2.0-r0 |
| pkg:apk/wolfi/kubeflow-pipelines-visualization-server | < 2.16.0-r1 |
| pkg:apk/wolfi/kubeflow-volumes-web-app | < 1.10.0-r11 |
| pkg:apk/wolfi/mlflow | < 3.9.0-r1 |
| pkg:apk/wolfi/mlflow-iamguarded-compat | < 3.9.0-r1 |
| pkg:apk/wolfi/open-webui | < 0.8.3-r1 |
| pkg:apk/wolfi/py3.10-ambassador | < 3.10.0-r20 |
| pkg:apk/wolfi/py3.11-ambassador | < 3.10.0-r20 |
| pkg:apk/wolfi/py3.12-ambassador | < 3.10.0-r20 |
| pkg:apk/wolfi/py3.13-ambassador | < 3.10.0-r20 |
| pkg:apk/wolfi/superset-5.0 | < 5.0.0-r19 |
| pkg:apk/wolfi/superset-6.0 | < 6.0.0-r3 |
| pkg:apk/wolfi/tensorflow-cpu-jupyter | < 2.20.0-r12 |
| pkg:pypi/werkzeug | < 3.1.6 |
References
| Reference | Source | Type |
|---|---|---|
| github.com/advisories/GHSA-29vq-49wr-vm6x | ghsa | ADVISORY |
| nvd.nist.gov/vuln/detail/CVE-2026-27199 | ghsa | ADVISORY |
| github.com/pallets/werkzeug/commit/f407712fdc60a09c2b3f4fe7db557703e5d9338d | ghsa (x_refsource_MISC) | WEB |
| github.com/pallets/werkzeug/releases/tag/3.1.6 | ghsa (x_refsource_MISC) | WEB |
| github.com/pallets/werkzeug/security/advisories/GHSA-29vq-49wr-vm6x | ghsa (x_refsource_CONFIRM) | WEB |