Mako Template Engine Path Traversal Vulnerability on Windows
A path traversal vulnerability exists in Mako versions 1.3.11 and earlier on Windows, allowing attackers to read arbitrary files outside the configured template directory by using backslashes in URIs to bypass directory traversal checks.
Mako is a template library written in Python. A path traversal vulnerability, identified as CVE-2026-44307, affects Mako versions 1.3.11 and earlier when running on Windows. The vulnerability stems from inconsistencies in how Mako handles path normalization. Specifically, the TemplateLookup.get_template() function, which uses posixpath for URI normalization, differs from the Template.__init__() function, which uses os.path for file access and validation. This discrepancy allows attackers to bypass directory traversal checks by crafting URIs that contain backslashes. Backslashes are treated as path separators by os.path on Windows but as literal characters by posixpath, leading to incorrect validation. This vulnerability allows an attacker to load and disclose readable files outside the configured template directory if an application passes user-controlled template names or include paths to TemplateLookup.get_template().
Attack Chain
- The attacker crafts a malicious URI containing backslash-based path traversal sequences (e.g., \..\..\secret.txt).
- The application passes the crafted URI to TemplateLookup.get_template(). get_template() strips leading forward slashes and normalizes the URI using posixpath.normpath(). Backslashes are treated as literal characters, bypassing directory traversal checks.
- The URI is passed to Template.__init__() for template initialization and validation. Template.__init__() uses os.path.normpath() to normalize the URI. On Windows, this resolves backslash traversal, converting \..\..\secret.txt to \secret.txt.
- The startswith("..") check in Template.__init__() incorrectly passes because the normalized path \secret.txt does not begin with "..".
- os.path.isfile() is used to check for the existence of the file. On Windows, os.path.isfile() interprets backslashes as path separators, successfully resolving the path and locating the file outside the intended template directory.
- The attacker successfully reads the contents of the file, leading to information disclosure.
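The root cause in the chain above is that two path modules disagree about what a backslash means. The following Python is an added example written for this brief, not Mako's code and not its upstream patch: it reproduces the posixpath versus Windows-style normalization of the URI shape described above (using ntpath so the Windows result is visible on any host), models the startswith("..") test the advisory describes, and then shows an illustrative containment check that rejects backslashes and verifies the normalized absolute path stays under the template root. The template directory, the URI constant and the resolve_within/is_contained helper names are assumptions made for the example.

```python
import ntpath
import os
import posixpath

# Constructed values for the example: a Windows template root and the URI shape
# the advisory describes. Neither is taken from Mako's own code.
TEMPLATE_DIR = r"C:\app\templates"
TRAVERSAL_URI = r"\..\..\secret.txt"


def normalizations(uri):
    """Return the two views of a URI that the advisory contrasts.

    The first models the lookup step (strip leading '/' then posixpath.normpath),
    the second what os.path.normpath yields on Windows; ntpath is used so the
    Windows behaviour is reproducible on a non-Windows host.
    """
    posix_view = posixpath.normpath(uri.lstrip("/"))
    windows_view = ntpath.normpath(uri)
    return posix_view, windows_view


def legacy_check_passes(uri):
    """Model the startswith('..') test the advisory describes.

    True means the URI slips through that test after Windows normalization.
    """
    return not ntpath.normpath(uri).startswith("..")


def resolve_within(template_dir, uri, pathmod=os.path):
    """Illustrative hardening (assumption: this is not Mako's actual fix).

    Reject backslashes and NUL outright, then require the normalized absolute
    path to remain under the template root. Passing pathmod=ntpath exercises
    Windows semantics on any host.
    """
    if "\\" in uri or "\x00" in uri:
        raise ValueError("unsupported character in template URI")
    root = pathmod.normpath(pathmod.abspath(template_dir))
    candidate = pathmod.normpath(pathmod.join(root, uri.lstrip("/")))
    if pathmod.commonpath([root, candidate]) != root:
        raise ValueError("template URI escapes the template directory")
    return candidate


def is_contained(template_dir, uri, pathmod=os.path):
    """Boolean wrapper around resolve_within for callers that only need a verdict."""
    try:
        resolve_within(template_dir, uri, pathmod)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    print(normalizations(TRAVERSAL_URI))                   # posix view unchanged, Windows view '\secret.txt'
    print(legacy_check_passes(TRAVERSAL_URI))              # True: the described check does not catch it
    print(is_contained(TEMPLATE_DIR, TRAVERSAL_URI, ntpath))  # False: containment check rejects it
    print(is_contained(TEMPLATE_DIR, "index.html", ntpath))   # True
```

The containment check deliberately does both things: a character allow-list that refuses backslashes before any path arithmetic happens, and a commonpath test on the fully normalized result, so that a forward-slash traversal such as ../../secret.txt is rejected by the same function even though it never contains a backslash.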
Impact
Successful exploitation of this vulnerability allows an attacker to read arbitrary files on the system that the application has access to. The vulnerability affects Mako versions 1.3.11 and earlier on Windows. If the targeted file contains Mako/Python template syntax, it may also be parsed and executed as a template, potentially leading to further code execution. The primary impact is local file disclosure.
Recommendation
- Apply the patch or upgrade to a version of Mako greater than 1.3.11 to remediate CVE-2026-44307.
- Sanitize user-supplied template names and include paths before passing them to TemplateLookup.get_template() to prevent path traversal attacks.
- Deploy the Sigma rules in this brief to your SIEM to detect exploitation attempts targeting this vulnerability.
Detection coverage: 2 rules
Detect Mako Template Path Traversal Attempt via Backslash
Severity: high. Detects attempts to exploit the Mako template path traversal vulnerability (CVE-2026-44307) by identifying requests containing backslash-based path traversal sequences.
Detect Mako Template Execution with Suspicious Characters in URI
Severity: medium. Detects potential Mako template execution when suspicious characters are present in the URI, indicating possible path traversal attempts.
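The two rules above describe their logic but not their matching, so here is an added example, written for this brief rather than taken from the Sigma rules themselves, of the same two-tier logic run over web-server access-log lines: percent-decode the request target (twice, to catch double encoding), raise a high-severity hit on a backslash followed by "..", and a medium-severity hit on other traversal indicators. The log lines are constructed, and the definition of "suspicious characters" used for the medium tier (any backslash or any ".." sequence) is an assumption of the example.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in common access-log format; these are not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2026:10:00:00 +0000] "GET /render?template=index.html HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2026:10:00:01 +0000] "GET /render?template=%5C..%5C..%5Csecret.txt HTTP/1.1" 200 88
10.0.0.9 - - [01/Jan/2026:10:00:02 +0000] "GET /render?template=..%2F..%2Fsecret.txt HTTP/1.1" 404 0
10.0.0.3 - - [01/Jan/2026:10:00:03 +0000] "GET /static/app.css HTTP/1.1" 200 2048
"""

# Request line inside the quotes of a standard access-log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A backslash immediately followed by "..": the sequence the high-severity rule keys on.
BACKSLASH_TRAVERSAL_RE = re.compile(r"\\\.\.")


def decode_target(target):
    """Percent-decode twice so single- and double-encoded separators are both visible."""
    return unquote(unquote(target))


def classify(line):
    """Return (severity, decoded_target) for a suspicious request line, or None."""
    match = REQUEST_RE.search(line)
    if match is None:
        return None
    decoded = decode_target(match.group("target"))
    if BACKSLASH_TRAVERSAL_RE.search(decoded):
        return "high", decoded
    # Assumed definition of "suspicious characters": any backslash or any ".." sequence.
    if "\\" in decoded or ".." in decoded:
        return "medium", decoded
    return None


def scan(log_text):
    """Apply classify() to every line; return (client_ip, severity, decoded_target) tuples."""
    hits = []
    for line in log_text.splitlines():
        verdict = classify(line)
        if verdict is not None:
            client_ip = line.split(" ", 1)[0]
            hits.append((client_ip, verdict[0], verdict[1]))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Decoding before matching matters here: a request carrying %5C..%5C.. never contains a literal backslash on the wire, so a rule that inspects the raw request line would miss exactly the traffic the high-severity rule is meant to catch.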