WsgiDAV encoded dot segments can escape filesystem share roots
Description
WsgiDAV 4.3.3 allows path traversal via encoded parent directory segments due to a flawed startswith check in FilesystemProvider._loc_to_file_path(), enabling access outside the share root.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
WsgiDAV version 4.3.3 contains a path traversal vulnerability in the FilesystemProvider._loc_to_file_path() method. The method builds a candidate file path using os.path.abspath(os.path.join(root_path, *path_parts)) and then checks containment with file_path.startswith(root_path). This check is not path-boundary aware, meaning a resolved sibling path such as /tmp/share_evil/secret.txt still starts with the string /tmp/share even though it is outside the configured share root /tmp/share. An attacker can supply an encoded parent directory segment (e.g., /%2e%2e/...) in a WebDAV request, which the WSGI/server layer (e.g., wsgiref) passes through as /../.... This allows the path to escape the filesystem share root under specific conditions. The issue is fixed in version 4.3.4 [1][2][3].
Exploitation
An attacker must be able to send WebDAV requests to a filesystem-backed WsgiDAV share. This could be an anonymous share or an authenticated WebDAV user; the vulnerability is not an authentication bypass. The attacker crafts a WebDAV request with a path containing an encoded dot segment (e.g., /%2e%2e/...). The server layer translates this to a parent directory traversal, and the flawed containment check allows the access. A sibling or neighboring directory must exist whose absolute path starts with the configured root path string (e.g., /tmp/share and /tmp/share_evil). The WsgiDAV process must also have OS permissions to read, write, or delete files in the outside path [1][2].
Impact
A successful attacker can gain unauthorized access to files outside the intended share root. In local proof-of-concept testing, this allowed GET (read), PUT (write), and DELETE requests to operate on files outside the configured share root. The impact depends on the deployment environment and the OS permissions of the WsgiDAV process, but can lead to disclosure, modification, or deletion of sensitive data [1][2].
Mitigation
The vulnerability is fixed in WsgiDAV version 4.3.4, released on 2026-05-24 [1][2][3]. The fix appends os.sep to both the root path and the file path before performing the startswith check, making it path-boundary aware (see commit f894ed8656d7bdd7438ab8148c5a02546cb15183). All users of version 4.3.3 should upgrade immediately. No workarounds have been published for non-fixed versions [1][2][3].
AI Insight generated on Jun 11, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Patches (3)
2 files changed · +11 −2
CHANGELOG.md+4 −0 modified@@ -17,6 +17,10 @@ - Test with Python 3.13 - Use ruff instead of black/isort +## 4.3.4 / 2026-05-24 + +- Resolve security advisory [CVE-2026-48099](https://github.com/mar10/wsgidav/security/advisories/GHSA-wxq4-cc2q-338q) + ## 4.3.3 / 2024-05-04 - Deprecate Python 3.8 (EOL: 2024-10-14)
wsgidav/fs_dav_provider.py+7 −2 modified@@ -457,9 +457,14 @@ def _loc_to_file_path(self, path: str, environ: dict = None): # Try alternative URL if not found (or even override target): is_shadow, file_path = self._resolve_shadow_path(path, environ, file_path) - if not file_path.startswith(root_path) and not is_shadow: + # Ensure the containment check is path-boundary-aware: append os.sep so + # that a sibling directory (e.g. /tmp/share_evil) whose name *starts with* + # root_path (/tmp/share) is correctly rejected. + root_path_with_sep = root_path.rstrip(os.sep) + os.sep + file_path_with_sep = file_path.rstrip(os.sep) + os.sep + if not file_path_with_sep.startswith(root_path_with_sep) and not is_shadow: raise RuntimeError( - f"Security exception: tried to access file outside root: {file_path}" + f"Security exception: tried to access file outside root {root_path}: {file_path}" ) # Convert to unicode
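Review bot: the new "## 4.3.4 / 2026-05-24" entry links the advisory but says nothing about what was fixed or who is affected, so a reader scanning the changelog cannot tell whether they need to upgrade. Suggest a one-line summary next to the link, e.g. "Fix path-boundary check in FilesystemProvider._loc_to_file_path() (path traversal via sibling directories whose name starts with the share root); all 4.3.3 users should upgrade."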
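Review bot: the `and not is_shadow` exemption survives the fix, so any path that `_resolve_shadow_path()` flags as a shadow still skips the containment check entirely; unless shadow resolution guarantees the returned `file_path` lies under `root_path`, apply the boundary check to shadow paths as well (or assert containment inside `_resolve_shadow_path()`). On the new check itself, `root_path.rstrip(os.sep) + os.sep` handles the bare root correctly, but it does not normalize `os.altsep` or case on Windows; `os.path.commonpath([root_path, file_path]) == root_path` (on normcase'd inputs) expresses the same intent more portably. Minor: the widened message `"... outside root {root_path}: {file_path}"` is useful in logs, but confirm the RuntimeError text is not echoed back to the WebDAV client.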
Vulnerability mechanics
Root cause
"Missing path-boundary awareness in the containment check of `_loc_to_file_path()` allows a sibling directory whose name starts with the root path string to bypass the traversal guard."
Attack vector
An attacker sends a WebDAV request containing an encoded parent-directory segment (e.g., `/%2e%2e/...`) which the WSGI layer passes through as `/../...` to WsgiDAV's PATH_INFO [ref_id=1]. The `_loc_to_file_path()` method resolves this path and then checks containment with a string prefix match that does not account for path boundaries. If the configured share root is `/tmp/share`, a resolved sibling path such as `/tmp/share_evil/secret.txt` still starts with the string `/tmp/share`, allowing the attacker to escape the share root [CWE-22]. The attacker must be able to send WebDAV requests to a filesystem-backed share, and a sibling or neighboring path must exist whose absolute path starts with the configured root path string.
Affected code
The vulnerability is in `FilesystemProvider._loc_to_file_path()` within `wsgidav/fs_dav_provider.py`. The method builds a candidate path using `os.path.abspath(os.path.join(root_path, *path_parts))` and then checks containment with a simple `file_path.startswith(root_path)` that is not path-boundary-aware [patch_id=5621302].
What the fix does
The patch appends `os.sep` to both the root path and the resolved file path before performing the `startswith` containment check [patch_id=5621302]. This ensures that a sibling directory like `/tmp/share_evil` is correctly rejected because `/tmp/share/` does not match the prefix of `/tmp/share_evil/`. The fix makes the containment check path-boundary-aware, closing the traversal vector.
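Added illustration of the containment checks described above (this is constructed demo code, not WsgiDAV's own); it rebuilds the candidate path the way the page describes, then runs the 4.3.3 prefix test, the 4.3.4 trailing-separator test, and a commonpath-based alternative side by side. It assumes POSIX path semantics (explicit `posixpath`) and a constructed share root `/tmp/share`; no files are touched.

```python
import posixpath as pp  # explicit POSIX semantics so results are deterministic on any host

SEP = pp.sep  # "/" ; stands in for os.sep on the POSIX hosts in the page's example


def resolve_candidate(root_path: str, path_info: str) -> str:
    """Build the candidate path like the page describes: abspath(join(root, *parts)).
    path_info is the server-decoded PATH_INFO, so /%2e%2e/ is already /../ here."""
    path_parts = [seg for seg in path_info.split("/") if seg]
    return pp.abspath(pp.join(root_path, *path_parts))


def contained_4_3_3(root_path: str, file_path: str) -> bool:
    """Vulnerable check: bare string prefix, not path-boundary aware."""
    return file_path.startswith(root_path)


def contained_4_3_4(root_path: str, file_path: str) -> bool:
    """Fixed check: append a separator to both sides before the prefix test."""
    root_with_sep = root_path.rstrip(SEP) + SEP
    file_with_sep = file_path.rstrip(SEP) + SEP
    return file_with_sep.startswith(root_with_sep)


def contained_commonpath(root_path: str, file_path: str) -> bool:
    """Alternative boundary-aware check (hypothetical, not what the project shipped)."""
    try:
        return pp.commonpath([root_path, file_path]) == pp.normpath(root_path)
    except ValueError:  # mixed absolute/relative inputs cannot share a prefix
        return False


def evaluate(root_path: str, path_info: str) -> dict:
    """Resolve one request path and report what each check decides."""
    fp = resolve_candidate(root_path, path_info)
    return {
        "resolved": fp,
        "v4.3.3": contained_4_3_3(root_path, fp),
        "v4.3.4": contained_4_3_4(root_path, fp),
        "commonpath": contained_commonpath(root_path, fp),
    }


if __name__ == "__main__":
    ROOT = "/tmp/share"  # constructed share root from the page's example
    # Legitimate file, the sibling-directory escape, a plain /../ escape, the root itself.
    for pi in ["/docs/readme.txt", "/../share_evil/secret.txt", "/../../etc/passwd", "/../share"]:
        print(f"{pi:28} -> {evaluate(ROOT, pi)}")
```

Note that `/../../etc/passwd` is rejected even by the 4.3.3 check, which is why the page stresses that a sibling path sharing the root's string prefix must exist for the bypass to work.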
Preconditions
- config: The deployment uses a filesystem-backed WsgiDAV share.
- config: A sibling or neighboring path exists whose absolute path starts with the configured root path string (e.g., /tmp/share and /tmp/share_evil).
- auth: The attacker can send WebDAV requests accepted by that share (anonymous or authenticated).
- config: The WsgiDAV process has OS permissions for the outside path.
Generated on Jun 11, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
News mentions
No linked articles in our index yet.