Taipy version 4.1.1 contains a critical path traversal vulnerability in the ElementLibrary.get_resource() method that allows unauthenticated attackers to access files outside the intended directory. The vulnerability stems from an incomplete path containment check using str.startswith() without proper path separator validation. Attackers can exploit this by sending crafted GET requests with path traversal segments to bypass directory restrictions. The flaw affects the taipy/gui/extension/library.py file and has been fixed in commit 129fd40. The vulnerability enables unauthorized file access by exploiting Flask's path converter and Werkzeug's WSGI layer behavior.