CVE-2026-21860 Overview
CVE-2026-21860 is a path traversal vulnerability in Werkzeug, a comprehensive WSGI web application library widely used in Python web frameworks including Flask. The vulnerability exists in the safe_join function, which fails to properly sanitize path segments containing Windows device names with file extensions or trailing spaces. This allows attackers to potentially access restricted system resources through specially crafted path inputs.
Critical Impact
Attackers can bypass path sanitization controls to access Windows reserved device names (CON, AUX, NUL, etc.) by appending file extensions or trailing spaces, potentially enabling information disclosure or denial of service on Windows-based deployments.
Affected Products
- Werkzeug versions prior to 3.1.5
- Flask applications using vulnerable Werkzeug versions on Windows
- Any Python WSGI application leveraging Werkzeug's safe_join function on Windows systems
Discovery Timeline
- 2026-01-08 - CVE CVE-2026-21860 published to NVD
- 2026-01-08 - Last updated in NVD database
Technical Details for CVE-2026-21860
Vulnerability Analysis
This vulnerability stems from improper handling of file names in Werkzeug's safe_join function (CWE-67: Improper Handling of Windows Device Names). The function is designed to safely join untrusted path components to a base directory, preventing path traversal attacks. However, the implementation fails to account for a Windows-specific behavior where reserved device names remain accessible regardless of file extensions or trailing characters.
On Windows operating systems, certain device names such as CON, AUX, NUL, PRN, COM1-COM9, and LPT1-LPT9 are reserved and implicitly present in every directory. Critically, Windows continues to recognize these device names even when a file extension is appended (e.g., CON.txt) or when trailing spaces are present (e.g., CON ). The safe_join function did not properly detect and reject these variations, allowing them to pass validation checks.
When an attacker provides a path segment like CON.txt to a web application using safe_join, the function incorrectly treats it as a safe file path. When the application subsequently attempts to read this "file," Windows redirects the operation to the console device, which could lead to resource exhaustion or application hangs.
Root Cause
The root cause of this vulnerability is the incomplete blocklist implementation in Werkzeug's safe_join function. While the function may have blocked direct references to Windows device names, it did not account for the variations that Windows accepts—specifically device names with file extensions and trailing whitespace. This oversight in input validation allows malicious path segments to bypass the intended security controls.
Attack Vector
The attack can be executed remotely over the network without authentication. An attacker would craft HTTP requests containing malicious path segments targeting the safe_join function. The exploitation requires the target application to be running on a Windows system and to process user-supplied path components through Werkzeug's file handling utilities.
A typical attack scenario involves sending requests with path components such as CON.txt, AUX.log, or NUL (with trailing space) to endpoints that serve static files or process file uploads. When the application attempts to access these paths, the operation is redirected to the corresponding Windows device, potentially causing the application to hang or behave unexpectedly.
Detection Methods for CVE-2026-21860
Indicators of Compromise
- HTTP requests containing Windows device names with extensions in path parameters (e.g., /files/CON.txt, /static/AUX.log)
- Unusual application hangs or timeouts when processing file requests on Windows systems
- Log entries showing file access attempts to paths matching patterns like CON.*, AUX.*, NUL.*, PRN.*
- Repeated requests with trailing spaces in filenames targeting reserved device names
Detection Strategies
- Implement web application firewall (WAF) rules to detect and block requests containing Windows reserved device names with extensions or trailing spaces
- Configure intrusion detection systems (IDS) to alert on path segments matching regex patterns for device name variations (e.g., (?i)(con|aux|nul|prn|com[1-9]|lpt[1-9])(\.[^/\\]*|\s+)?$)
- Deploy application-level logging to capture and analyze all file path operations
- Use SentinelOne's behavioral AI to detect anomalous file access patterns and application behavior indicative of exploitation attempts
Monitoring Recommendations
- Monitor application logs for requests containing suspicious path patterns targeting Windows device names
- Track application response times and timeout events that may indicate exploitation attempts causing hangs
- Enable verbose logging on file serving endpoints to capture all path resolution attempts
- Set up alerts for repeated requests from single sources targeting static file endpoints with unusual filenames
How to Mitigate CVE-2026-21860
Immediate Actions Required
- Upgrade Werkzeug to version 3.1.5 or later immediately on all Windows deployments
- Review application code for custom file path handling that may be affected by similar issues
- Implement additional input validation at the application layer to reject Windows device names in any form
- Consider deploying web application firewall rules as a temporary protective measure while patching
Patch Information
The Werkzeug development team has addressed this vulnerability in version 3.1.5. The fix enhances the safe_join function to properly detect and reject Windows device names regardless of file extensions or trailing whitespace. Organizations should update their dependencies by running pip install --upgrade werkzeug>=3.1.5 or updating their requirements files accordingly.
For detailed information about the patch, refer to the GitHub Commit and the GitHub Security Advisory.
Workarounds
- Implement custom middleware or decorators to validate and sanitize file paths before they reach safe_join
- Deploy applications behind a reverse proxy configured to reject requests with Windows device name patterns
- Run affected applications on Linux/Unix systems where this vulnerability does not apply
- Disable or restrict access to endpoints that process user-supplied file paths until patching is complete
# Configuration example
# Upgrade Werkzeug to patched version
pip install --upgrade werkzeug>=3.1.5
# Verify installed version
pip show werkzeug | grep Version
# For applications using requirements.txt, update the constraint:
# werkzeug>=3.1.5
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
