


Perceptive Security
SOC/SIEM Consultancy

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructured_text() renders reStructuredText server-side with Docutils without disabling fil…
Published: 1 June 2026 at 22:00:00
Alert date: 2 June 2026 at 18:03:09
Source: nvd.nist.gov
Web Technologies, Supply Chain & Dependencies
CVE-2026-45553 affects NiceGUI, a Python-based UI framework, in versions prior to 3.12.0. The vulnerability exists in the ui.restructured_text() function which renders reStructuredText server-side using Docutils without properly disabling file insertion directives. Attackers can exploit this by passing malicious content to ui.restructured_text() and using standard Docutils directives (include, csv-table with :file:, raw with :file:) to read local files accessible to the NiceGUI server process. Applications that only use trusted static strings with ui.restructured_text() are not affected. The vulnerability has been patched in version 3.12.0.
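A defender-side sketch for the directives named above, added here as an example and not taken from NiceGUI or the advisory: `find_file_insertion` flags reStructuredText input that asks Docutils to read a file, and `render_untrusted` shows the standard Docutils settings `file_insertion_enabled` and `raw_enabled` switched off. The function names, the sample text and its placeholder paths are assumptions, and `render_untrusted` calls Docutils directly rather than any NiceGUI API.

```python
import re

# Directive line, optionally behind a substitution definition (".. |x| raw:: html").
DIRECTIVE = re.compile(r"^\s*\.\.\s+(?:\|[^|\n]+\|\s+)?([\w-]+)::")
FILE_OPTION = re.compile(r"^\s+:file:\s*(\S.*)$")
NEEDS_FILE_OPTION = {"raw", "csv-table"}  # these read a file only with :file:


def find_file_insertion(source):
    """Return (line_number, directive, path) for each file-reading directive."""
    hits = []
    lines = source.splitlines()
    for i, line in enumerate(lines):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        name = m.group(1).lower()  # Docutils lowercases directive names
        if name == "include":
            hits.append((i + 1, name, line[m.end():].strip()))
        elif name in NEEDS_FILE_OPTION:
            # Options sit directly under the directive; a blank line ends them.
            for opt in lines[i + 1:]:
                if not opt.strip():
                    break
                f = FILE_OPTION.match(opt)
                if f:
                    hits.append((i + 1, name, f.group(1).strip()))
                    break
    return hits


def render_untrusted(source):
    """Render to HTML with file insertion and the raw directive disabled."""
    from docutils.core import publish_parts  # needs the docutils package
    off = {"file_insertion_enabled": False, "raw_enabled": False}
    parts = publish_parts(source, writer_name="html", settings_overrides=off)
    return parts["html_body"]


# Constructed sample input; the paths are placeholders.
SAMPLE = """\
.. include:: /placeholder/secret.txt

.. csv-table:: Report
   :file: /placeholder/data.csv

.. raw:: html

   <b>inline raw, no file read</b>
"""
```

The scan is a coarse pre-filter suited to logging or rejecting input; the settings overrides are the control that stops Docutils from opening files.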
Technical details
Affected products:
NiceGUI
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-45553
https://github.com/zauberzeug/nicegui/releases/tag/v3.12.0
https://github.com/zauberzeug/nicegui/security/advisories/GHSA-jfrm-rx66-g536
This article was created with the assistance of AI technology by Perceptive.
