CVE-2026-39847 - Vulnerability Analysis
CriticalCVSS: 9.1Last Updated: April 8, 2026
Emmett - Path Traversal
Overview
Emmett 2.5.0 to < 2.8.1 contains a path traversal caused by improper sanitization of ../ sequences in the RSGI static handler for internal assets, letting attackers read arbitrary files outside the assets directory, exploit requires no special privileges.
Severity & Score
Impact
Attackers can read arbitrary files outside the intended directory, potentially exposing sensitive information.
Mitigation
Upgrade to version 2.8.1 or later.
Social Media Activity(2 posts)
š“ CVE-2026-39847 - Critical (9.1) Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets (/__emmett__ paths) is vulnerable to path traversal attacks. An attacker can use ../ sequences (... š https://www.thehackerwire.com/vulnerability/CVE-2026-39847/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
ā ļø Emmett framework (2.5.0 ā <2.8.1) suffers from a CRITICAL path traversal (CVE-2026-39847). Attackers can remotely read files outside the asset directory. Patch by upgrading to 2.8.1+. Details: https://radar.offseq.com/threat/cve-2026-39847-cwe-22-improper-limitation-of-a-pat-645f3706 #OffSeq #Emmett #PathTraversal #CVE202639847
View original postRelated Resources
Details
- CVE ID
- CVE-2026-39847
- Severity
- Critical
- CVSS Score
- 9.1
- Type
- path_traversal
- Status
- unconfirmed
- EPSS
- 5.1%
- Social Posts
- 2
CWE
- CWE-22
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H