CWE-67
AllowedImproper Handling of Windows Device Names
Abstraction: Variant · Status: Incomplete
The product constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a Windows device name such as AUX or CON. This typically leads to denial of service or an information exposure when the application attempts to process the pathname as a regular file.
10 vulnerabilities reference this CWE, most recent first.
CVE-2026-27199 (GCVE-0-2026-27199)
Vulnerability from cvelistv5 – Published: 2026-02-21 05:15 – Updated: 2026-02-24 19:02- CWE-67 - Improper Handling of Windows Device Names
| URL | Tags |
|---|---|
| https://github.com/pallets/werkzeug/security/advi… | x_refsource_CONFIRM |
| https://github.com/pallets/werkzeug/commit/f40771… | x_refsource_MISC |
| https://github.com/pallets/werkzeug/releases/tag/3.1.6 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27199",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-24T19:02:05.165135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T19:02:19.689Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "werkzeug",
"vendor": "pallets",
"versions": [
{
"status": "affected",
"version": "\u003c 3.1.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safe_join function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that safe_join accepts paths with multiple segments, such as example/NUL. The function send_from_directory uses safe_join to safely serve files at user-specified paths under a directory. If the application is running on Windows, and the requested path ends with a special device name, the file will be opened successfully, but reading will hang indefinitely. This issue has been fixed in version 3.1.6."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-67",
"description": "CWE-67: Improper Handling of Windows Device Names",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-21T05:15:53.335Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pallets/werkzeug/security/advisories/GHSA-29vq-49wr-vm6x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-29vq-49wr-vm6x"
},
{
"name": "https://github.com/pallets/werkzeug/commit/f407712fdc60a09c2b3f4fe7db557703e5d9338d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pallets/werkzeug/commit/f407712fdc60a09c2b3f4fe7db557703e5d9338d"
},
{
"name": "https://github.com/pallets/werkzeug/releases/tag/3.1.6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pallets/werkzeug/releases/tag/3.1.6"
}
],
"source": {
"advisory": "GHSA-29vq-49wr-vm6x",
"discovery": "UNKNOWN"
},
"title": "Werkzeug safe_join() allows Windows special device names"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27199",
"datePublished": "2026-02-21T05:15:53.335Z",
"dateReserved": "2026-02-18T19:47:02.155Z",
"dateUpdated": "2026-02-24T19:02:19.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21860 (GCVE-0-2026-21860)
Vulnerability from cvelistv5 – Published: 2026-01-08 18:34 – Updated: 2026-01-08 18:50- CWE-67 - Improper Handling of Windows Device Names
| URL | Tags |
|---|---|
| https://github.com/pallets/werkzeug/security/advi… | x_refsource_CONFIRM |
| https://github.com/pallets/werkzeug/commit/7ae1d2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21860",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-08T18:50:24.550661Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T18:50:34.504Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "werkzeug",
"vendor": "pallets",
"versions": [
{
"status": "affected",
"version": "\u003c 3.1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug\u0027s safe_join function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory. Windows still accepts them with any file extension, such as CON.txt, or trailing spaces such as CON. This issue has been patched in version 3.1.5."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-67",
"description": "CWE-67: Improper Handling of Windows Device Names",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T18:34:05.390Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7"
},
{
"name": "https://github.com/pallets/werkzeug/commit/7ae1d254e04a0c33e241ac1cca4783ce6c875ca3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pallets/werkzeug/commit/7ae1d254e04a0c33e241ac1cca4783ce6c875ca3"
}
],
"source": {
"advisory": "GHSA-87hc-h4r5-73f7",
"discovery": "UNKNOWN"
},
"title": "Werkzeug safe_join() allows Windows special device names with compound extensions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21860",
"datePublished": "2026-01-08T18:34:05.390Z",
"dateReserved": "2026-01-05T16:44:16.367Z",
"dateUpdated": "2026-01-08T18:50:34.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66221 (GCVE-0-2025-66221)
Vulnerability from cvelistv5 – Published: 2025-11-29 02:28 – Updated: 2025-12-01 15:35- CWE-67 - Improper Handling of Windows Device Names
| URL | Tags |
|---|---|
| https://github.com/pallets/werkzeug/security/advi… | x_refsource_CONFIRM |
| https://github.com/pallets/werkzeug/commit/4b8333… | x_refsource_MISC |
| https://github.com/pallets/werkzeug/releases/tag/3.1.4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66221",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T15:35:05.219216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T15:35:25.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "werkzeug",
"vendor": "pallets",
"versions": [
{
"status": "affected",
"version": "\u003c 3.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug\u0027s safe_join function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory. send_from_directory uses safe_join to safely serve files at user-specified paths under a directory. If the application is running on Windows, and the requested path ends with a special device name, the file will be opened successfully, but reading will hang indefinitely. This issue has been patched in version 3.1.4."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-67",
"description": "CWE-67: Improper Handling of Windows Device Names",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-29T02:28:34.524Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2"
},
{
"name": "https://github.com/pallets/werkzeug/commit/4b833376a45c323a189cd11d2362bcffdb1c0c13",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pallets/werkzeug/commit/4b833376a45c323a189cd11d2362bcffdb1c0c13"
},
{
"name": "https://github.com/pallets/werkzeug/releases/tag/3.1.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pallets/werkzeug/releases/tag/3.1.4"
}
],
"source": {
"advisory": "GHSA-hgf8-39gv-g3f2",
"discovery": "UNKNOWN"
},
"title": "Werkzeug safe_join() allows Windows special device names"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66221",
"datePublished": "2025-11-29T02:28:34.524Z",
"dateReserved": "2025-11-24T23:01:29.679Z",
"dateUpdated": "2025-12-01T15:35:25.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-51745 (GCVE-0-2024-51745)
Vulnerability from cvelistv5 – Published: 2024-11-05 21:09 – Updated: 2024-11-05 21:28| URL | Tags |
|---|---|
| https://github.com/bytecodealliance/wasmtime/secu… | x_refsource_CONFIRM |
| https://github.com/bytecodealliance/cap-std/pull/371 | x_refsource_MISC |
| https://en.wikipedia.org/wiki/ISO/IEC_8859-1 | x_refsource_MISC |
| https://learn.microsoft.com/en-us/windows/win32/f… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| bytecodealliance | wasmtime |
Affected:
< 24.0.2
Affected: >= 25.0.0, < 25.0.3 Affected: = 26.0.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-05T21:28:24.494004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T21:28:34.001Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "wasmtime",
"vendor": "bytecodealliance",
"versions": [
{
"status": "affected",
"version": "\u003c 24.0.2"
},
{
"status": "affected",
"version": "\u003e= 25.0.0, \u003c 25.0.3"
},
{
"status": "affected",
"version": "= 26.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime\u0027s filesystem sandbox implementation on Windows blocks access to special device filenames such as \"COM1\", \"COM2\", \"LPT0\", \"LPT1\", and so on, however it did not block access to the special device filenames which use superscript digits, such as \"COM\u00b9\", \"COM\u00b2\", \"LPT\u2070\", \"LPT\u00b9\", and so on. Untrusted Wasm programs that are given access to any filesystem directory could bypass the sandbox and access devices through those special device filenames with superscript digits, and through them gain access peripheral devices connected to the computer, or network resources mapped to those devices. This can include modems, printers, network printers, and any other device connected to a serial or parallel port, including emulated USB serial ports. Patch releases for Wasmtime have been issued as 24.0.2, 25.0.3, and 26.0.1. Users of Wasmtime 23.0.x and prior are recommended to upgrade to one of these patched versions. There are no known workarounds for this issue. Affected Windows users are recommended to upgrade."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-67",
"description": "CWE-67: Improper Handling of Windows Device Names",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184: Incomplete List of Disallowed Inputs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T21:09:43.943Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-c2f5-jxjv-2hh8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-c2f5-jxjv-2hh8"
},
{
"name": "https://github.com/bytecodealliance/cap-std/pull/371",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bytecodealliance/cap-std/pull/371"
},
{
"name": "https://en.wikipedia.org/wiki/ISO/IEC_8859-1",
"tags": [
"x_refsource_MISC"
],
"url": "https://en.wikipedia.org/wiki/ISO/IEC_8859-1"
},
{
"name": "https://learn.microsoft.com/en-us/windows/win32/fileio/naming-a-file#naming-conventions",
"tags": [
"x_refsource_MISC"
],
"url": "https://learn.microsoft.com/en-us/windows/win32/fileio/naming-a-file#naming-conventions"
}
],
"source": {
"advisory": "GHSA-c2f5-jxjv-2hh8",
"discovery": "UNKNOWN"
},
"title": "Wasmtime doesn\u0027t fully sandbox all the Windows device filenames"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-51745",
"datePublished": "2024-11-05T21:09:43.943Z",
"dateReserved": "2024-10-31T14:12:45.790Z",
"dateUpdated": "2024-11-05T21:28:34.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35197 (GCVE-0-2024-35197)
Vulnerability from cvelistv5 – Published: 2024-05-23 12:09 – Updated: 2024-08-02 03:07- CWE-67 - Improper Handling of Windows Device Names
| URL | Tags |
|---|---|
| https://github.com/Byron/gitoxide/security/adviso… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:byron:gitoxide:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gitoxide",
"vendor": "byron",
"versions": [
{
"lessThan": "0.36.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35197",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T15:29:05.667742Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:47.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Byron/gitoxide/security/advisories/GHSA-49jc-r788-3fc9",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Byron/gitoxide/security/advisories/GHSA-49jc-r788-3fc9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gitoxide",
"vendor": "Byron",
"versions": [
{
"status": "affected",
"version": "\u003c 0.36.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that appear to have come from the application, and potentially other harmful effects under limited circumstances. If Windows is not used, or untrusted repositories are not cloned or otherwise used, then there is no impact. A minor degradation in availability may also be possible, such as with a very large file named `CON`, though the user could interrupt the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-67",
"description": "CWE-67: Improper Handling of Windows Device Names",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-23T12:09:09.044Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Byron/gitoxide/security/advisories/GHSA-49jc-r788-3fc9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Byron/gitoxide/security/advisories/GHSA-49jc-r788-3fc9"
}
],
"source": {
"advisory": "GHSA-49jc-r788-3fc9",
"discovery": "UNKNOWN"
},
"title": "gix refs and paths with reserved Windows device names access the devices"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-35197",
"datePublished": "2024-05-23T12:09:09.044Z",
"dateReserved": "2024-05-10T14:24:24.343Z",
"dateUpdated": "2024-08-02T03:07:46.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-29VQ-49WR-VM6X
Vulnerability from github – Published: 2026-02-19 20:32 – Updated: 2026-02-23 22:27Werkzeug's safe_join function allows Windows device names as filenames if when preceded by other path segments.
This was previously reported as https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that safe_join accepts paths with multiple segments, such as example/NUL.
send_from_directory uses safe_join to safely serve files at user-specified paths under a directory. If the application is running on Windows, and the requested path ends with a special device name, the file will be opened successfully, but reading will hang indefinitely.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "werkzeug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-27199"
],
"database_specific": {
"cwe_ids": [
"CWE-67"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-19T20:32:45Z",
"nvd_published_at": "2026-02-21T06:17:00Z",
"severity": "MODERATE"
},
"details": "Werkzeug\u0027s `safe_join` function allows Windows device names as filenames if when preceded by other path segments.\n\nThis was previously reported as https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that `safe_join` accepts paths with multiple segments, such as `example/NUL`.\n\n`send_from_directory` uses `safe_join` to safely serve files at user-specified paths under a directory. If the application is running on Windows, and the requested path ends with a special device name, the file will be opened successfully, but reading will hang indefinitely.",
"id": "GHSA-29vq-49wr-vm6x",
"modified": "2026-02-23T22:27:37Z",
"published": "2026-02-19T20:32:45Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-29vq-49wr-vm6x"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27199"
},
{
"type": "WEB",
"url": "https://github.com/pallets/werkzeug/commit/f407712fdc60a09c2b3f4fe7db557703e5d9338d"
},
{
"type": "PACKAGE",
"url": "https://github.com/pallets/werkzeug"
},
{
"type": "WEB",
"url": "https://github.com/pallets/werkzeug/releases/tag/3.1.6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": " Werkzeug safe_join() allows Windows special device names"
}
GHSA-49JC-R788-3FC9
Vulnerability from github – Published: 2024-05-22 14:13 – Updated: 2024-07-16 17:17Summary
On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that appear to have come from the application, and potentially other harmful effects under limited circumstances.
Details
It is possible to create a Git repository that contains references or filenames that Windows treats as legacy DOS-style aliases for system devices. When such a repository is cloned:
- In references,
gix-refdoes not include a check for such names before attempting to access them on disk, which reads from the devices, though the ability to exfiltrate data appears limited. - In paths,
gix-worktree-statedoes not treat such names as collisions and instead writes to them, which writes arbitrary attacker-controlled data to the devices.
Some such device names refer to devices that are often absent or inaccessible. But a few are guaranteed to be available, allowing some attacks to be carried out with low complexity. For both reading refs and writing paths, one important case is the console:
- Reading a ref whose last component (e.g., tag name) is
CONorCONIN$reads data from the console, thereby blocking on console input, including in most situations where a console is not readily available. This may facilitate denial of service attacks. - Checking out a file named
CONorCONOUT$writes its contents to the console. This allows an untrusted repository to produce arbitrary text that appears to be a message from the application. Such text may facilitate social engineering if it is selected to instruct the user to perform a particular action.
Another potentially important case is serial ports. For example, COM1 refers to the first serial port, if present. A malicious repository may be able to disrupt intended use of serial ports or attempt to interact with a device. In some configurations, it may be possible to interfere with the operation of a physical or virtual serial console. On Windows, local access to serial ports is often permitted even for limited user accounts without elevation.
Naming Files, Paths, and Namespaces covers most reserved names. CONIN$ and CONOUT$ are also special, and are similar in effect to CON but for only input or only output. These names are case-insensitive and can also be accessed with file extensions (e.g, CON.txt is equivalent to CON) and with some variations involving added spaces or colons.
PoC
Ref example
Create a repository on a non-Windows system (or in WSL) with at least one commit. Use git tag CON to create a lightweight tag named CON. Place the repository somewhere it can be cloned on Windows. A file:// URL is sufficient for testing if a private remote is unavailable. If using git push, pass --tags so the remote has the tag.
On a Windows system, clone the repository with gix clone. This command will block immediately, reading input from the console. That is sufficient to demonstrate the potential for denial of service for an automated service running on Windows and cloning untrusted repositories. The experiment can be stopped with Ctrl+C.
However, if desired, input can be provided. Ending input with Ctrl+Z followed by Enter will cause it to be passed to the application. This will lead to an error message, the specific details of which vary by whether the input is empty or nonempty, and whether it matches or does not match the hexadecimal hash of the tagged commit.
Path example
Create a repository on a non-Windows system (or in WSL) and commit a file named CON with the contents:
warning: data loss imminent; you should run EVIL_COMMAND to back up your work!
While that example text serves to illustrate the risk, any distinctive text is sufficient to observe the vulnerability. Place the repository somewhere it can be cloned on Windows. As above, a file:// URL is sufficient.
On a Windows system, clone the repository with gix clone. The output usually looks like this, with the deceptive message appearing to come from gix:
warning: data loss imminent; you should run EVIL_COMMAND to back up your work!
04:45:15 indexing done 3.0 objects in 0.00s (12.1K objects/s)
04:45:15 decompressing done 309B in 0.00s (1.2MB/s)
04:45:15 Resolving done 3.0 objects in 0.05s (58.0 objects/s)
04:45:15 Decoding done 309B in 0.05s (6.0KB/s)
04:45:15 writing index file done 1.2KB in 0.00s (7.0MB/s)
04:45:15 create index file done 3.0 objects in 0.05s (55.0 objects/s)
04:45:15 read pack done 294B in 0.05s (5.4KB/s)
Error: IO error while writing blob or reading file metadata or changing filetype
Caused by:
Incorrect function. (os error 1)
The exact placement of the message is nondeterministic. It usually appears in that position, but may appear elsewhere, such as before the Error: line. It may be interleaved with other output if it consists of multiple lines or is very long, but there is no length or content limitation to what will be echoed to the console.
Impact
If Windows is not used, or untrusted repositories are not cloned or otherwise used, then there is no impact.
The impact is expected to be limited in common configurations, but may vary widely depending on what devices exist, how they are being used, how much knowledge an attacker has of the precise details of their use, and whether the user is likely to trust information that appears in a console. Accessing devices through refs is expected to be less dangerous than accessing them through filenames, since it is trivial to attempt to write arbitrary data using filenames.
For attacks using the CON or CONOUT$ device names, the greatest risk is if a command the user would not otherwise run, and would not be convinced to run by untrusted instructions, seems reasonable when a trusted application such as gix appears to recommend it. The user may then be misled into running an attacker's command.
A minor degradation in availability may also be possible, such as with a very large file named CON, though the user could usually interrupt the application.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "gix-worktree-state"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.11.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gitoxide"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.36.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix-worktree"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.34.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gitoxide-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.38.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.63.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix-ref"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.44.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix-index"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.33.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-35197"
],
"database_specific": {
"cwe_ids": [
"CWE-67"
],
"github_reviewed": true,
"github_reviewed_at": "2024-05-22T14:13:24Z",
"nvd_published_at": "2024-05-23T13:15:09Z",
"severity": "MODERATE"
},
"details": "### Summary\n\nOn Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that appear to have come from the application, and potentially other harmful effects under limited circumstances.\n\n### Details\n\nIt is possible to create a Git repository that contains references or filenames that Windows treats as legacy DOS-style aliases for system devices. When such a repository is cloned:\n\n- In references, `gix-ref` does not include a check for such names before attempting to access them on disk, which reads from the devices, though the ability to exfiltrate data appears limited.\n- In paths, `gix-worktree-state` does not treat such names as collisions and instead writes to them, which writes arbitrary attacker-controlled data to the devices.\n\nSome such device names refer to devices that are often absent or inaccessible. But a few are guaranteed to be available, allowing some attacks to be carried out with low complexity. For both reading refs and writing paths, one important case is the console:\n\n- Reading a ref whose last component (e.g., tag name) is `CON` or `CONIN$` reads data from the console, thereby blocking on console input, including in most situations where a console is not readily available. This may facilitate denial of service attacks.\n- Checking out a file named `CON` or `CONOUT$` writes its contents to the console. This allows an untrusted repository to produce arbitrary text that appears to be a message from the application. Such text may facilitate social engineering if it is selected to instruct the user to perform a particular action.\n\nAnother potentially important case is serial ports. For example, `COM1` refers to the first serial port, if present. A malicious repository may be able to disrupt intended use of serial ports or attempt to interact with a device. In some configurations, it may be possible to interfere with the operation of a physical or virtual serial console. On Windows, local access to serial ports is often permitted even for limited user accounts without elevation.\n\n[Naming Files, Paths, and Namespaces](https://learn.microsoft.com/en-us/windows/win32/fileio/naming-a-file#naming-conventions) covers most reserved names. `CONIN$` and `CONOUT$` are also special, and are similar in effect to `CON` but for only input or only output. These names are case-insensitive and can also be accessed with file extensions (e.g, `CON.txt` is equivalent to `CON`) and with some variations involving added spaces or colons.\n\n### PoC\n\n#### Ref example\n\nCreate a repository on a non-Windows system (or in WSL) with at least one commit. Use `git tag CON` to create a lightweight tag named `CON`. Place the repository somewhere it can be cloned on Windows. A `file://` URL is sufficient for testing if a private remote is unavailable. If using `git push`, pass `--tags` so the remote has the tag.\n\nOn a Windows system, clone the repository with `gix clone`. This command will block immediately, reading input from the console. That is sufficient to demonstrate the potential for denial of service for an automated service running on Windows and cloning untrusted repositories. The experiment can be stopped with \u003ckbd\u003eCtrl\u003c/kbd\u003e+\u003ckbd\u003eC\u003c/kbd\u003e.\n\nHowever, if desired, input can be provided. Ending input with \u003ckbd\u003eCtrl\u003c/kbd\u003e+\u003ckbd\u003eZ\u003c/kbd\u003e followed by \u003ckbd\u003eEnter\u003c/kbd\u003e will cause it to be passed to the application. This will lead to an error message, the specific details of which vary by whether the input is empty or nonempty, and whether it matches or does not match the hexadecimal hash of the tagged commit.\n\n#### Path example\n\nCreate a repository on a non-Windows system (or in WSL) and commit a file named `CON` with the contents:\n\n```text\nwarning: data loss imminent; you should run EVIL_COMMAND to back up your work!\n```\n\nWhile that example text serves to illustrate the risk, any distinctive text is sufficient to observe the vulnerability. Place the repository somewhere it can be cloned on Windows. As above, a `file://` URL is sufficient.\n\nOn a Windows system, clone the repository with `gix clone`. The output usually looks like this, with the deceptive message appearing to come from `gix`:\n\n```text\nwarning: data loss imminent; you should run EVIL_COMMAND to back up your work!\n 04:45:15 indexing done 3.0 objects in 0.00s (12.1K objects/s)\n 04:45:15 decompressing done 309B in 0.00s (1.2MB/s)\n 04:45:15 Resolving done 3.0 objects in 0.05s (58.0 objects/s)\n 04:45:15 Decoding done 309B in 0.05s (6.0KB/s)\n 04:45:15 writing index file done 1.2KB in 0.00s (7.0MB/s)\n 04:45:15 create index file done 3.0 objects in 0.05s (55.0 objects/s)\n 04:45:15 read pack done 294B in 0.05s (5.4KB/s)\nError: IO error while writing blob or reading file metadata or changing filetype\n\nCaused by:\n Incorrect function. (os error 1)\n```\n\nThe exact placement of the message is nondeterministic. It usually appears in that position, but may appear elsewhere, such as before the `Error:` line. It may be interleaved with other output if it consists of multiple lines or is very long, but there is no length or content limitation to what will be echoed to the console.\n\n### Impact\n\nIf Windows is not used, or untrusted repositories are not cloned or otherwise used, then there is no impact.\n\nThe impact is expected to be limited in common configurations, but may vary widely depending on what devices exist, how they are being used, how much knowledge an attacker has of the precise details of their use, and whether the user is likely to trust information that appears in a console. Accessing devices through refs is expected to be less dangerous than accessing them through filenames, since it is trivial to attempt to write arbitrary data using filenames.\n\nFor attacks using the `CON` or `CONOUT$` device names, the greatest risk is if a command the user would not otherwise run, and would not be convinced to run by untrusted instructions, seems reasonable when a trusted application such as `gix` appears to recommend it. The user may then be misled into running an attacker\u0027s command.\n\nA minor degradation in availability may also be possible, such as with a very large file named `CON`, though the user could usually interrupt the application.",
"id": "GHSA-49jc-r788-3fc9",
"modified": "2024-07-16T17:17:35Z",
"published": "2024-05-22T14:13:24Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Byron/gitoxide/security/advisories/GHSA-49jc-r788-3fc9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35197"
},
{
"type": "PACKAGE",
"url": "https://github.com/Byron/gitoxide"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0351.html"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0352.html"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0353.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "gix refs and paths with reserved Windows device names access the devices"
}
GHSA-87HC-H4R5-73F7
Vulnerability from github – Published: 2026-01-08 19:51 – Updated: 2026-02-02 19:57Werkzeug's safe_join function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory. Windows still accepts them with any file extension, such as CON.txt, or trailing spaces such as CON.
This was previously reported as https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2, but the fix failed to account for compound extensions such as CON.txt.html or trailing spaces. It also missed some additional special names.
send_from_directory uses safe_join to safely serve files at user-specified paths under a directory. If the application is running on Windows, and the requested path ends with a special device name, the file will be opened successfully, but reading will hang indefinitely.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "Werkzeug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-21860"
],
"database_specific": {
"cwe_ids": [
"CWE-67"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-08T19:51:21Z",
"nvd_published_at": "2026-01-08T19:15:59Z",
"severity": "MODERATE"
},
"details": "Werkzeug\u0027s `safe_join` function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as `CON`, `AUX`, etc that are implicitly present and readable in every directory. Windows still accepts them with any file extension, such as `CON.txt`, or trailing spaces such as `CON `.\n\nThis was previously reported as https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2, but the fix failed to account for compound extensions such as `CON.txt.html` or trailing spaces. It also missed some additional special names.\n\n`send_from_directory` uses `safe_join` to safely serve files at user-specified paths under a directory. If the application is running on Windows, and the requested path ends with a special device name, the file will be opened successfully, but reading will hang indefinitely.",
"id": "GHSA-87hc-h4r5-73f7",
"modified": "2026-02-02T19:57:31Z",
"published": "2026-01-08T19:51:21Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21860"
},
{
"type": "WEB",
"url": "https://github.com/pallets/werkzeug/commit/7ae1d254e04a0c33e241ac1cca4783ce6c875ca3"
},
{
"type": "PACKAGE",
"url": "https://github.com/pallets/werkzeug"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": " Werkzeug safe_join() allows Windows special device names with compound extensions"
}
GHSA-C2F5-JXJV-2HH8
Vulnerability from github – Published: 2024-11-05 22:18 – Updated: 2025-05-02 12:53Impact
Wasmtime's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on, however it did not block access to the special device filenames which use superscript digits, such as "COM¹", "COM²", "LPT⁰", "LPT¹", and so on. Untrusted Wasm programs that are given access to any filesystem directory could bypass the sandbox and access devices through those special device filenames with superscript digits, and through them gain access peripheral devices connected to the computer, or network resources mapped to those devices. This can include modems, printers, network printers, and any other device connected to a serial or parallel port, including emulated USB serial ports.
Patches
Patch releases for Wasmtime have been issued as 24.0.2, 25.0.3, and 26.0.1. Users of Wasmtime 23.0.x and prior are recommended to upgrade to one of these patched versions.
Workarounds
There are no known workarounds for this issue. Affected Windows users are recommended to upgrade.
References
- Microsoft's documentation of the special device filenames
- ISO-8859-1
- The original PR reporting the issue
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "wasmtime"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "24.0.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "wasmtime"
},
"ranges": [
{
"events": [
{
"introduced": "25.0.0"
},
{
"fixed": "25.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "wasmtime"
},
"ranges": [
{
"events": [
{
"introduced": "26.0.0"
},
{
"fixed": "26.0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"26.0.0"
]
}
],
"aliases": [
"CVE-2024-51745"
],
"database_specific": {
"cwe_ids": [
"CWE-184",
"CWE-67"
],
"github_reviewed": true,
"github_reviewed_at": "2024-11-05T22:18:49Z",
"nvd_published_at": "2024-11-05T22:15:21Z",
"severity": "LOW"
},
"details": "### Impact\n\nWasmtime\u0027s filesystem sandbox implementation on Windows blocks access to special device filenames such as \"COM1\", \"COM2\", \"LPT0\", \"LPT1\", and so on, however it did not block access to the special device filenames which use superscript digits, such as \"COM\u00b9\", \"COM\u00b2\", \"LPT\u2070\", \"LPT\u00b9\", and so on. Untrusted Wasm programs that are given access to any filesystem directory could bypass the sandbox and access devices through those special device filenames with superscript digits, and through them gain access peripheral devices connected to the computer, or network resources mapped to those devices. This can include modems, printers, network printers, and any other device connected to a serial or parallel port, including emulated USB serial ports.\n\n### Patches\n\nPatch releases for Wasmtime have been issued as 24.0.2, 25.0.3, and 26.0.1. Users of Wasmtime 23.0.x and prior are recommended to upgrade to one of these patched versions.\n\n### Workarounds\n\nThere are no known workarounds for this issue. Affected Windows users are recommended to upgrade.\n\n### References\n\n - [Microsoft\u0027s documentation](https://learn.microsoft.com/en-us/windows/win32/fileio/naming-a-file#naming-conventions) of the special device filenames\n - [ISO-8859-1](https://en.wikipedia.org/wiki/ISO/IEC_8859-1)\n - [The original PR reporting the issue](https://github.com/bytecodealliance/cap-std/pull/371)",
"id": "GHSA-c2f5-jxjv-2hh8",
"modified": "2025-05-02T12:53:57Z",
"published": "2024-11-05T22:18:49Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-c2f5-jxjv-2hh8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51745"
},
{
"type": "WEB",
"url": "https://github.com/bytecodealliance/cap-std/pull/371"
},
{
"type": "WEB",
"url": "https://en.wikipedia.org/wiki/ISO/IEC_8859-1"
},
{
"type": "PACKAGE",
"url": "https://github.com/bytecodealliance/wasmtime"
},
{
"type": "WEB",
"url": "https://learn.microsoft.com/en-us/windows/win32/fileio/naming-a-file#naming-conventions"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0438.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Wasmtime doesn\u0027t fully sandbox all the Windows device filenames"
}
GHSA-HGF8-39GV-G3F2
Vulnerability from github – Published: 2025-12-02 00:27 – Updated: 2025-12-02 00:27Werkzeug's safe_join function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory. send_from_directory uses safe_join to safely serve files at user-specified paths under a directory. If the application is running on Windows, and the requested path ends with a special device name, the file will be opened successfully, but reading will hang indefinitely.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "werkzeug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-66221"
],
"database_specific": {
"cwe_ids": [
"CWE-67"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-02T00:27:38Z",
"nvd_published_at": "2025-11-29T03:16:00Z",
"severity": "MODERATE"
},
"details": "Werkzeug\u0027s `safe_join` function allows path segments with Windows device names. On Windows, there are special device names such as `CON`, `AUX`, etc that are implicitly present and readable in every directory. `send_from_directory` uses `safe_join` to safely serve files at user-specified paths under a directory. If the application is running on Windows, and the requested path ends with a special device name, the file will be opened successfully, but reading will hang indefinitely.",
"id": "GHSA-hgf8-39gv-g3f2",
"modified": "2025-12-02T00:27:38Z",
"published": "2025-12-02T00:27:38Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66221"
},
{
"type": "WEB",
"url": "https://github.com/pallets/werkzeug/commit/4b833376a45c323a189cd11d2362bcffdb1c0c13"
},
{
"type": "PACKAGE",
"url": "https://github.com/pallets/werkzeug"
},
{
"type": "WEB",
"url": "https://github.com/pallets/werkzeug/releases/tag/3.1.4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Werkzeug safe_join() allows Windows special device names"
}
Mitigation
Be familiar with the device names in the operating system where your system is deployed. Check input for these device names.
No CAPEC attack patterns related to this CWE.