CVE-2026-44307 Overview
CVE-2026-44307 is a path traversal vulnerability [CWE-22] in the Mako template library for Python. On Windows hosts, a URI containing backslash traversal sequences such as \..\..\secret.txt bypasses the directory traversal check in Template.__init__ and the posixpath-based normalization in TemplateLookup.get_template(). The flaw allows attackers to read files outside the configured template directory. The issue affects all Mako versions prior to 1.3.12 and is documented as an incomplete fix for CVE-2026-41205. Maintainers resolved the issue in Mako 1.3.12 by normalizing backslash characters to forward slashes before path resolution.
Critical Impact
Unauthenticated attackers can read arbitrary files outside the template directory on Windows-hosted Mako applications by supplying backslash-based traversal URIs.
Affected Products
- Mako template library versions prior to 1.3.12
- Python applications using Mako TemplateLookup on Windows
- Web frameworks and tooling that expose user-controlled template URIs to Mako
Discovery Timeline
- 2026-05-12 - CVE-2026-44307 published to NVD
- 2026-05-13 - Last updated in NVD database
Technical Details for CVE-2026-44307
Vulnerability Analysis
Mako is a server-side template library widely used in Python web applications. The TemplateLookup class resolves template URIs against one or more configured directories. Prior to 1.3.12, the lookup logic stripped leading forward slashes and relied on posixpath-style normalization to detect traversal attempts. On Windows, the operating system treats backslashes as path separators in addition to forward slashes. A URI such as \..\..\secret.txt is not flagged by the posixpath normalizer, but the underlying Windows filesystem honors the backslashes and resolves the path outside the template root. This produces an out-of-tree file read.
Root Cause
The root cause is inconsistent path separator handling between the validation layer and the filesystem layer. The traversal check in Template.__init__ and the normalization performed by TemplateLookup.get_template() only consider posix separators. Windows accepts both / and \, so an attacker-controlled URI with backslashes bypasses validation while still resolving to a real filesystem path.
Attack Vector
The vulnerability is exploitable over the network when an application passes user-supplied input to TemplateLookup.get_template() without sanitizing path separators. No authentication or user interaction is required. Successful exploitation discloses file contents readable by the process running the Mako application, which can include configuration files, credentials, and source code.
# Patch in mako/lookup.py (Source: https://github.com/sqlalchemy/mako/commit/72e10c573ca0fbcbddd4455abca8ce92a61780d7)
else:
return self._collection[uri]
except KeyError as e:
- u = re.sub(r"^\/+", "", uri)
+ u = re.sub(r"^\/+", "", uri.replace("\\", "/"))
for dir_ in self.directories:
# make sure the path seperators are posix - os.altsep is empty
# on POSIX and cannot be used.
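Review bot: the `+` line normalizes `uri` for the directory scan only, so whoever applies this should confirm that the original, unnormalized `uri` is not still handed on to the `Template.__init__` traversal check the advisory names, otherwise that check keeps seeing only posix separators; a regression test that resolves `\..\..\secret.txt` on a Windows-style root would pin the fix. Minor: the context comment spells "seperators".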
The fix replaces backslash characters with forward slashes before stripping leading separators, ensuring the normalization step sees the same path the Windows filesystem will resolve. Reference: GitHub Security Advisory GHSA-2h4p-vjrc-8xpq.
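To make the separator mismatch concrete, here is an added example (not Mako's code) that models the pre-1.3.12 normalization beside the 1.3.12 fix and shows what the Windows filesystem would actually open for the same string; the template root, the `normalize_*` helpers, `resolve()` and `escapes_root()` are this example's own assumptions.

```python
import ntpath
import posixpath
import re

# Constructed example root, written with forward slashes as a posixpath-based
# lookup would join it. Not a real deployment path.
TEMPLATE_ROOT = "C:/srv/app/templates"


def normalize_legacy(uri: str) -> str:
    """Simplified model of the pre-1.3.12 step: only strip leading '/'."""
    return re.sub(r"^\/+", "", uri)


def normalize_fixed(uri: str) -> str:
    """Model of the 1.3.12 fix: map '\\' to '/' before stripping leading '/'."""
    return re.sub(r"^\/+", "", uri.replace("\\", "/"))


def resolve(uri: str, normalize):
    """Return (posix_path, windows_target, flagged) for one URI.

    posix_path is the string the validation layer reasons about, flagged is
    whether a posixpath containment check would reject it, and windows_target
    is how Windows interprets that same string (backslashes are separators).
    """
    posix_path = posixpath.normpath(posixpath.join(TEMPLATE_ROOT, normalize(uri)))
    flagged = not posix_path.startswith(TEMPLATE_ROOT + "/")
    windows_target = ntpath.normpath(posix_path)
    return posix_path, windows_target, flagged


def escapes_root(uri: str, normalize) -> bool:
    """True when validation passes the URI but Windows would open a file outside the root."""
    _, windows_target, flagged = resolve(uri, normalize)
    root_nt = ntpath.normcase(ntpath.normpath(TEMPLATE_ROOT)) + ntpath.sep
    return not flagged and not ntpath.normcase(windows_target).startswith(root_nt)


if __name__ == "__main__":
    for uri in ("pages\\index.html", "\\..\\..\\secret.txt"):
        for name, fn in (("legacy", normalize_legacy), ("fixed", normalize_fixed)):
            _, target, flagged = resolve(uri, fn)
            note = "  <-- out of tree" if escapes_root(uri, fn) else ""
            print(f"{name:6} {uri!r:24} flagged={flagged!s:5} windows opens {target}{note}")
```

The legacy path passes validation for the backslash URI yet resolves to a file two levels above the root; the fixed normalizer turns the same URI into `../../secret.txt`, which the posix check rejects.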
Detection Methods for CVE-2026-44307
Indicators of Compromise
- HTTP request URIs or template parameters containing backslash sequences such as \..\ or %5C..%5C
- Mako application logs showing template lookups resolving to paths outside configured directories
- Web server access logs with URL-encoded backslash bytes (%5C) preceding sensitive filenames
- Unexpected file reads by the Python process hosting Mako, targeting files such as web.config, .env, or credential stores
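An added example (not from the advisory or from Mako) that applies the first and third indicators above to constructed access-log lines: it decodes `%5C`, including the double-encoded `%255C` form, and flags backslash or dot-dot traversal in the request target. The log format, the regexes and the sample lines are this example's own assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in a CLF-style format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [12/May/2026:10:01:02 +0000] "GET /render?tpl=pages/index.html HTTP/1.1" 200 512
203.0.113.7 - - [12/May/2026:10:01:09 +0000] "GET /render?tpl=%5C..%5C..%5Csecret.txt HTTP/1.1" 200 1337
203.0.113.7 - - [12/May/2026:10:01:15 +0000] "GET /render?tpl=%255C..%255C..%255Cweb.config HTTP/1.1" 200 2048
203.0.113.9 - - [12/May/2026:10:02:00 +0000] "GET /static/app.css HTTP/1.1" 200 99
"""

# Client, timestamp, method, request target and status from a CLF-style line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A ".." segment delimited by either separator, after decoding.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')


def fully_decode(s: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly so %255C (double-encoded backslash) is seen as '\\'."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def classify(target: str):
    """Return (decoded_target, reasons); an empty reasons list means benign."""
    decoded = fully_decode(target)
    reasons = []
    if "\\" in decoded:
        reasons.append("backslash")
    if TRAVERSAL_RE.search(decoded):
        reasons.append("dot-dot")
    return decoded, reasons


def scan_log(text: str):
    """Parse each line and keep those whose request target shows traversal indicators."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        decoded, reasons = classify(m["target"])
        if reasons:
            hits.append({"ip": m["ip"], "ts": m["ts"], "target": decoded,
                         "status": m["status"], "reasons": reasons})
    return hits
```

Pairing a hit with a 200 status and a subsequent out-of-tree file read by the Python process (the fourth indicator) is what turns this from a probe alert into a likely disclosure.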
Detection Strategies
- Inventory Python dependencies and flag installations of Mako earlier than 1.3.12 on Windows hosts
- Inspect application code for direct passing of HTTP parameters into TemplateLookup.get_template() without sanitization
- Add web application firewall rules that decode and inspect %5C and raw backslash sequences in request paths and query strings
Monitoring Recommendations
- Log and alert on Mako template resolution errors and lookups that fall back to filesystem access outside expected directories
- Monitor file access telemetry on Windows web servers for the Python process opening files outside the template root
- Correlate authentication-free HTTP requests containing traversal patterns with subsequent sensitive file reads
How to Mitigate CVE-2026-44307
Immediate Actions Required
- Upgrade Mako to version 1.3.12 or later on all Windows-hosted applications
- Audit application endpoints that forward user input to TemplateLookup and add input validation
- Restrict filesystem permissions for the account running Mako-based services to limit blast radius of arbitrary reads
Patch Information
The issue is fixed in Mako 1.3.12. The patch normalizes backslash characters to forward slashes before path resolution in mako/lookup.py. See the Mako 1.3.12 release notes, the upstream commit, and the issue discussion for full technical context.
Workarounds
- Reject or sanitize any user-supplied template URI containing \, %5C, or .. sequences before invoking Mako
- Whitelist allowed template names against a static list rather than passing arbitrary URIs to TemplateLookup
- Run Windows-hosted Mako applications under a low-privilege service account with read access limited to the template directory
# Upgrade Mako to the patched release
pip install --upgrade "Mako>=1.3.12"
# Verify installed version
python -c "import mako; print(mako.__version__)"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.