CVE-2026-49136

Published: Jun 1, 2026

Modified: Jun 2, 2026

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generate_image() function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplete path prefix check using os.path.startswith() without a trailing separator. Attackers can supply crafted markdown image references in user-controlled page descriptions that resolve to sibling directories whose names share the uploads folder prefix, bypassing the directory confinement check and causing the application to read files from unintended locations via PIL Image.open().

Vendor	Product	Versions
Anionex	banana-slides	affected `0 - <= 0.4.0` unaffected `e8bc490ec8b4b657e07dc3ab4e94fbedcaade421`

Weaknesses (CWE)

CWE-22

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

References

https://github.com/Anionex/banana-slides/issues/429

technical-description

exploit

https://github.com/Anionex/banana-slides/pull/430

issue-tracking

https://github.com/Anionex/banana-slides/commit/e8bc490ec8b4b657e07dc3ab4e94fbedcaade421

patch

https://www.vulncheck.com/advisories/banana-slides-path-traversal-via-generate-image-in-ai-service-py

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-49136

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References