Wind River Support Network

HomeDefectsLIN1025-14652
Acknowledged

LIN1025-14652 : Security Advisory - python-mako - CVE-2026-44307

Created: May 13, 2026    Updated: May 19, 2026
Found In Version: 10.25.33.2
Severity: Standard
Applicable for: Wind River Linux LTS 25
Component/s: Userspace

Description

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal (e.g. \..\..\ secret.txt) bypasses the directory traversal check in Template.__init__ and the posixpath-based normalization in TemplateLookup.get_template(), allowing reads of files outside the configured template directory. This vulnerability is fixed in 1.3.12.
  • Linkedin
  • Facebook
  • Twitter
  • Youtube