Critical severity9.8NVD Advisory· Published May 8, 2026· Updated Jun 10, 2026
CVE-2026-38360
CVE-2026-38360
Description
Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, BaseHttpRequestHandler.get_temp_root(), BaseHttpRequestHandler._post() components.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
dash-uploaderPyPI | >= 0.1.0, <= 0.7.0a2 | — |
Affected products
2- Range: 0.1.0 through 0.7.0a2
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-3rf6-x59v-5jfvnvdADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-38360ghsaADVISORY
- github.com/fohrloop/dash-uploader/blob/dev/dash_uploader/httprequesthandler.pynvdWEB
- github.com/fohrloop/dash-uploader/blob/stable/dash_uploader/httprequesthandler.pynvdWEB
- github.com/fohrloop/dash-uploader/issues/153nvdWEB
- pypi.org/project/dash-uploaderghsaWEB
- github.com/github/advisory-database/pull/7635nvd
- pypi.org/project/dash-uploader/nvd
News mentions
0No linked articles in our index yet.