How is CVE-2026-45553 exploited?

Network reachability (required): The vulnerable rendering function is served over the network; an attacker must be able to reach the NiceGUI application endpoint to submit malicious reStructuredText content. Authentication (not-required): No credentials or session token are needed; the attacker only needs to reach the application and supply attacker-controlled input to the affected function. Victim interaction (not-required): No user action is required; the attacker submits the malicious directive directly to the server-side rendering path without any victim involvement. Attack complexity (info): Exploit complexity is low: the attack uses standard, documented Docutils directives and requires no special timing, race conditions, or environmental setup.

What is the impact of CVE-2026-45553?

Reads arbitrary local files that the NiceGUI server process has permission to open, including environment files, application configuration, and on-disk secrets such as API keys or database passwords. Reads files outside the application directory if the OS user running the server has broader filesystem access, for example /etc/passwd or mounted secret volumes in a container. Exposes any credentials or tokens embedded in files, which an attacker can use to pivot to other services or authentication systems.

Back to search

HIGHCVE-2026-45553Published 2026-06-02Modified 2026-06-03CNA GitHub_M

CVE-2026-45553: NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructured_text() renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructured_text(), an attacker can use standard Docutils directives (include, csv-table with :file:, raw with :file:) to read local files readable by the NiceGUI server process. Applications that only pass trusted static strings to ui.restructured_text() are not affected. This issue has been patched in version 3.12.0.

CVSS v3.1: 7.5
Severity: HIGH
Fixed in: —
Affected Products: 1

HarborGuard Analysis

Synopsis

This is a local file disclosure vulnerability in NiceGUI, a Python-based UI framework. The flaw is reachable over the network with no authentication required, affecting any NiceGUI application that passes attacker-controlled input to the ui.restructured_text() function. Successful exploitation lets an attacker read arbitrary local files accessible to the NiceGUI server process, including configuration files, credentials, or application secrets. No fix version has been published yet; HarborGuard is tracking the advisory and will make a patched-image rebuild available as soon as an upstream fix ships.

HarborGuard Coverage

Detection

Detection of CVE-2026-45553 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that bundle NiceGUI. Any image carrying a vulnerable version of zauberzeug/nicegui below 3.12.0 is flagged automatically.

Available

Triage

HarborGuard scores this finding at CVSS 7.5 HIGH and weights it against each environment's compliance policy to determine urgency and routing. The finding is delivered to the appropriate team inbox within each customer org based on configured ownership rules.

Available

Patch

Because no upstream fix has been published, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available at the moment upstream ships a remediated release. For customers with auto-remediation enabled, the rebuild, regression-test run, and PR against affected workloads will be triggered automatically at that point.

Pending upstream

Exploit Conditions

Network reachabilityRequired
The vulnerable rendering function is served over the network; an attacker must be able to reach the NiceGUI application endpoint to submit malicious reStructuredText content.
AuthenticationNot required
No credentials or session token are needed; the attacker only needs to reach the application and supply attacker-controlled input to the affected function.
Victim interactionNot required
No user action is required; the attacker submits the malicious directive directly to the server-side rendering path without any victim involvement.
Attack complexityDetail
Exploit complexity is low: the attack uses standard, documented Docutils directives and requires no special timing, race conditions, or environmental setup.

Blast Radius

Reads arbitrary local files that the NiceGUI server process has permission to open, including environment files, application configuration, and on-disk secrets such as API keys or database passwords.
Reads files outside the application directory if the OS user running the server has broader filesystem access, for example /etc/passwd or mounted secret volumes in a container.
Exposes any credentials or tokens embedded in files, which an attacker can use to pivot to other services or authentication systems.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-45553 is active now, flagging any image that includes NiceGUI below version 3.12.0. Because no upstream patch exists at this time, HarborGuard monitors the advisory on every ingest cycle and will automatically trigger a patched-image rebuild for affected environments the moment zauberzeug publishes a fix. For customers with auto-remediation enabled, that rebuild will be followed by a regression-test run and a PR opened against affected workloads. In the interim, the most effective compensating controls are to audit all call sites of ui.restructured_text() and ensure only trusted, static strings are passed to the function; where user-supplied input must be rendered, apply an allowlist or strip file-insertion directives before passing content to NiceGUI. Network-policy isolation that restricts which clients can reach the NiceGUI application surface reduces exposure for internet-facing deployments.

See how HarborGuard automates this

Affected packages

zauberzeug / nicegui
< 3.12.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

Metrics

Get notified