Home Embedded Vulns General Vulns

CVE-2026-39847

CRITICAL 9.1

Our Analysis: Environment Specific

Our model has classified this vulnerability as relevant to Environment Specific Systems, helping your team prioritize efforts effectively.

Published Date April 7, 2026
Last Modified April 7, 2026
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Description

Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets (/__emmett__ paths) is vulnerable to path traversal attacks. An attacker can use ../ sequences (eg /__emmett__/../rsgi/handlers.py) to read arbitrary files outside the assets directory. This vulnerability is fixed in 2.8.1.

Potentially Affected Vendors