top of page
perceptive_background_267k.jpg

Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generate_image() function within the AI service backend t…

Published:

31 mei 2026 om 22:00:00

Alert date:

1 juni 2026 om 22:04:03

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies

Banana Slides through version 0.4.0 contains a path traversal vulnerability in the generate_image() function within the AI service backend. The vulnerability allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplete path prefix check using os.path.startswith() without a trailing separator. Attackers can supply crafted markdown image references in user-controlled page descriptions that resolve to sibling directories whose names share the uploads folder prefix. This bypasses the directory confinement check and causes the application to read files from unintended locations via PIL Image.open(). The issue was patched in commit e8bc490.

Technical details

Mitigation steps:

Affected products:

Banana Slides

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-49136
https://github.com/Anionex/banana-slides/commit/e8bc490ec8b4b657e07dc3ab4e94fbedcaade421
https://github.com/Anionex/banana-slides/issues/429
https://github.com/Anionex/banana-slides/pull/430
https://www.vulncheck.com/advisories/banana-slides-path-traversal-via-generate-image-in-ai-service-py

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page