{"id":"GHSA-2h4p-vjrc-8xpq","summary":"Mako vulnerable to path traversal via backslash URI on Windows in TemplateLookup","details":"## Summary\n\nOn Windows, a URI using backslash traversal (e.g. `\\..\\..\\ secret.txt`) bypasses the directory traversal check in `Template.__init__` and the `posixpath`-based normalization in `TemplateLookup.get_template()`, allowing reads of files outside the configured template directory.\n\n\n## Details\n\nThe root cause is a mismatch between `posixpath` (used for URI normalization in `get_template()`) and `os.path` (used for file access via `os.path.isfile()` and validation via `os.path.normpath()` in `Template.__init__`). On Windows, `os.path` is `ntpath`, which treats `\\` as a path separator, while `posixpath` treats it as a literal character.\n\nThe vulnerability chain:\n\n1. `get_template()` strips only leading `/` via `re.sub(r\"^\\/+\", \"\", uri)` and normalizes with `posixpath` — backslash `\\` is treated as a literal character, so `\\..\\ secret.txt` passes through with `..` undetected.\n2. `Template.__init__()` validation uses `os.path.normpath()` — on Windows this resolves `\\..\\ secret.txt` to `\\secret.txt`, which does not start with `..`, so the `startswith(\"..\")` check passes.\n3. `os.path.isfile()` on Windows interprets `\\` as a path separator, resolving the `..` traversal and finding files outside the template directory.\n\n### Affected code\n\n- `mako/lookup.py`: `TemplateLookup.get_template()` uses `posixpath.normpath`/`posixpath.join` for path construction but `os.path.isfile()` for existence check\n- `mako/template.py`: `Template.__init__()` URI validation uses `os.path.normpath()` which on Windows resolves backslash traversal to a form that passes the `startswith(\"..\")` guard\n\n## Impact\n\nIf an application passes user-controlled template names or include paths to `TemplateLookup.get_template()`, an attacker on Windows may be able to load and disclose readable files outside the configured template directory. The primary impact is local file disclosure. If the targeted file contains Mako/Python template syntax, it may also be parsed and executed as a template.\n\n## Remediation\n\nThe fix should normalize backslashes to forward slashes early in the URI processing pipeline, before any path operations, to ensure consistent behavior across platforms.","aliases":["CVE-2026-44307"],"modified":"2026-05-13T16:57:35.961261Z","published":"2026-05-06T21:45:16Z","related":["CGA-5v3q-r344-q4xf"],"database_specific":{"github_reviewed":true,"cwe_ids":["CWE-22"],"nvd_published_at":"2026-05-12T22:16:37Z","github_reviewed_at":"2026-05-06T21:45:16Z","severity":"HIGH"},"references":[{"type":"WEB","url":"https://github.com/sqlalchemy/mako/security/advisories/GHSA-2h4p-vjrc-8xpq"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44307"},{"type":"WEB","url":"https://github.com/sqlalchemy/mako/issues/435"},{"type":"WEB","url":"https://github.com/sqlalchemy/mako/commit/72e10c573ca0fbcbddd4455abca8ce92a61780d7"},{"type":"PACKAGE","url":"https://github.com/sqlalchemy/mako"},{"type":"WEB","url":"https://github.com/sqlalchemy/mako/releases/tag/rel_1_3_12"}],"affected":[{"package":{"name":"mako","ecosystem":"PyPI","purl":"pkg:pypi/mako"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.12"}]}],"versions":["0.1.0","0.1.1","0.1.10","0.1.2","0.1.3","0.1.4","0.1.5","0.1.6","0.1.7","0.1.8","0.1.9","0.2.0","0.2.1","0.2.2","0.2.3","0.2.4","0.2.5","0.3.0","0.3.1","0.3.2","0.3.3","0.3.4","0.3.5","0.3.6","0.4.0","0.4.1","0.4.2","0.5.0","0.6.0","0.6.1","0.6.2","0.7.0","0.7.1","0.7.2","0.7.3","0.8.0","0.8.1","0.9.0","0.9.1","1.0.0","1.0.1","1.0.10","1.0.11","1.0.12","1.0.13","1.0.14","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9","1.1.0","1.1.1","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.3.0","1.3.1","1.3.10","1.3.11","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9"],"database_specific":{"last_known_affected_version_range":"\u003c= 1.3.11","source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-2h4p-vjrc-8xpq/GHSA-2h4p-vjrc-8xpq.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"}]}