5.9
NiceGUI: Malicious Files Can Be Written to Wrong Folders on Windows
GHSA-w8wv-vfpc-hw2w
CVE-2026-39844
Summary
Some NiceGUI applications on Windows may allow attackers to write files to unintended locations, potentially leading to data loss, data corruption, or even code execution. This happens when malicious files are uploaded with names containing backslashes. To protect your application, update the filename sanitization code to correctly handle Windows file paths.
What to do
- Update nicegui to version 3.10.0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | nicegui | <= 3.9.0 | 3.10.0 |
Original title
NiceGUI: Upload filename sanitization bypass via backslashes allows path traversal on Windows
Original description
### Summary
The upload filename sanitization introduced in GHSA-9ffm-fxg3-xrhh uses `PurePosixPath(filename).name` to strip path components. Since `PurePosixPath` only recognizes forward slashes (`/`) as path separators, an attacker can bypass this sanitization on Windows by using backslashes (`\`) in the upload filename.
Applications that construct file paths using `file.name` (a pattern demonstrated in NiceGUI's bundled examples) are vulnerable to arbitrary file write on Windows.
### Details
The sanitization in `nicegui/elements/upload_files.py` uses:
```python
filename = PurePosixPath(upload.filename or '').name
```
`PurePosixPath` treats backslashes as literal characters, not path separators:
```python
>>> from pathlib import PurePosixPath
>>> PurePosixPath('..\\..\\secret\\evil.txt').name
'..\\..\\secret\\evil.txt'  # Not stripped!
```
When this filename is used in a path operation on Windows (e.g., `Path('uploads') / file.name`), Windows `Path` interprets backslashes as directory separators, resolving the path outside the intended directory.
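The following is an added example, not NiceGUI's own code or its 3.10.0 fix: it places the `PurePosixPath`-only sanitizer quoted above beside a hypothetical hardened one (`safe_name`, which lets `PureWindowsPath` split on both separators), reproduces the Windows interpretation of the join on any OS, and adds a containment check on the final destination. The upload directory `uploads` and the filename `EVIL` are constructed for illustration.

```python
# Added example (not NiceGUI's own code): the advisory's PurePosixPath-based
# sanitizer next to a hypothetical hardened one, plus a containment check.
from pathlib import Path, PurePosixPath, PureWindowsPath

# Constructed malicious upload filename matching the advisory's scenario.
EVIL = '..\\..\\secret\\evil.txt'


def weak_name(filename: str) -> str:
    """Sanitizer as quoted in the advisory: only '/' counts as a separator."""
    return PurePosixPath(filename or '').name


def windows_parts(name: str) -> tuple:
    """Show how `Path('uploads') / name` would be split on a Windows host.

    PureWindowsPath reproduces the Windows interpretation on any OS, so the
    traversal is visible even when this runs on Linux or macOS.
    """
    return (PureWindowsPath('uploads') / name).parts


def safe_name(filename: str) -> str:
    """Hypothetical hardened sanitizer: strip components split by '/' or '\\'.

    PureWindowsPath recognises both separators (and drive letters / UNC
    prefixes), so .name is the last component whichever separator the client
    sent; the PurePosixPath pass is redundant but cheap.  Dot-only or empty
    names are replaced rather than joined.
    """
    name = PurePosixPath(PureWindowsPath(filename or '').name).name
    return name if name not in ('', '.', '..') else 'upload'


def safe_destination(upload_dir, filename: str) -> Path:
    """Join the sanitized name and verify the result stays under upload_dir."""
    root = Path(upload_dir).resolve()
    target = (root / safe_name(filename)).resolve()
    if root not in target.parents:
        raise ValueError(f'refusing to write outside {root}: {target}')
    return target


if __name__ == '__main__':
    print('weak  :', weak_name(EVIL), windows_parts(weak_name(EVIL)))
    print('safe  :', safe_name(EVIL), windows_parts(safe_name(EVIL)))
    print('target:', safe_destination('uploads', EVIL))
```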
### Impact
On Windows deployments of NiceGUI applications that use `file.name` in path construction:
- **Arbitrary file write** outside the intended upload directory
- **Potential remote code execution** through overwriting application files or placing executables in known locations
- **Data integrity loss** through overwriting existing files
Linux and macOS are not affected, as they treat backslashes as literal filename characters.
CVSS 3.1 (GHSA): 5.9
Vulnerability type: CWE-22 Path Traversal
Published: 8 Apr 2026 · Updated: 8 Apr 2026 · First seen: 8 Apr 2026