CVE-2026-49136: Banana Slides 0.4.0 Path Traversal via generate_image() in ai_service.py
Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generate_image() function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplete path prefix check using os.path.startswith() without a trailing separator. Attackers can supply crafted markdown image references in user-controlled page descriptions that resolve to sibling directories whose names share the uploads folder prefix, bypassing the directory confinement check and causing the application to read files from unintended locations via PIL Image.open().
Metrics
- CVSS v4.0: 8.7
- Severity: HIGH
- Fixed in: e8bc490ec8b4b657e07dc3ab4e94fbedcaade421
- Affected Products: 1
HarborGuard Analysis
Synopsis
Path traversal in Banana Slides 0.4.0 allows an unauthenticated remote attacker to read arbitrary image-format files from the server's filesystem. The flaw is in the generate_image() function in ai_service.py, where a prefix check using os.path.startswith() without a trailing separator fails to confine file access to the intended uploads directory. Successful exploitation lets an attacker read any file that PIL Image.open() can parse outside the uploads directory, including files in sibling directories whose names share the uploads folder prefix. A patched-image rebuild at commit e8bc490ec8b4b657e07dc3ab4e94fbedcaade421 is available on HarborGuard for affected environments.
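The confinement bug the synopsis describes, as an added example that is not code from Banana Slides or HarborGuard: a bare string-prefix comparison on a path, shown beside a check that compares whole path components after normalisation. The uploads directory, the sample paths and the resolve_image_ref() helper are constructed for illustration and do not reflect the project's real layout or API.

```python
import os
from typing import Optional, Tuple

# Constructed example path; the real Banana Slides layout is not known here.
UPLOADS_DIR = "/srv/banana-slides/uploads"


def weak_is_under_uploads(uploads_dir: str, candidate: str) -> bool:
    """The flawed pattern the advisory describes: a character-level prefix check.

    "/srv/banana-slides/uploads_private/x.png" starts with the string
    "/srv/banana-slides/uploads", so a sibling directory passes the check.
    """
    return os.path.abspath(candidate).startswith(os.path.abspath(uploads_dir))


def safe_is_under_uploads(uploads_dir: str, candidate: str) -> bool:
    """Directory confinement done on path components, not characters.

    realpath() collapses '..' and resolves symlinks; commonpath() compares
    whole components, so 'uploads' and 'uploads_private' never match.
    """
    base = os.path.realpath(uploads_dir)
    target = os.path.realpath(candidate)
    try:
        return os.path.commonpath([base, target]) == base
    except ValueError:
        # Raised for paths on different drives (Windows) or a mix of absolute
        # and relative forms; treat either as outside the base directory.
        return False


def resolve_image_ref(uploads_dir: str, ref: str) -> Optional[str]:
    """Map a markdown image reference to a file path, or None if refused.

    Hypothetical helper showing where the check belongs: after joining and
    normalising, and before anything like PIL's Image.open() touches the path.
    """
    # os.path.join discards uploads_dir entirely when ref is absolute, so the
    # confinement check must run on the joined result, never on ref alone.
    candidate = os.path.join(uploads_dir, ref)
    if not safe_is_under_uploads(uploads_dir, candidate):
        return None
    return os.path.realpath(candidate)


def compare(uploads_dir: str, candidate: str) -> Tuple[bool, bool]:
    """Return (weak_result, safe_result) for one candidate path."""
    return (weak_is_under_uploads(uploads_dir, candidate),
            safe_is_under_uploads(uploads_dir, candidate))


if __name__ == "__main__":
    # Constructed sample paths: one legitimate, one sibling-prefix, one dot-dot.
    samples = [
        "/srv/banana-slides/uploads/page1/chart.png",
        "/srv/banana-slides/uploads_private/avatar.png",
        "/srv/banana-slides/uploads/../cache/render.png",
    ]
    for path in samples:
        weak, safe = compare(UPLOADS_DIR, path)
        print(f"{path}\n  weak prefix check: {weak}\n  component check:   {safe}")
```

The sibling-directory case is the one that separates the two checks: the prefix comparison accepts it, the component comparison rejects it. Running the check on the joined and resolved path (rather than on the user-supplied reference) also covers absolute references, which os.path.join would otherwise pass through untouched.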
HarborGuard Coverage
Detection of CVE-2026-49136 is available across every HarborGuard environment; the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images derived from Banana Slides. Any image pinned to Anionex/banana-slides at version 0.4.0 or earlier is flagged automatically.
HarborGuard scores this vulnerability at CVSS v4.0 8.7 (HIGH) and surfaces it accordingly when evaluating affected images against each customer's compliance policy. Triage findings are routed to the team inbox configured for the relevant environment, with severity weighting applied based on policy thresholds.
A patched-image rebuild based on the upstream fix commit e8bc490ec8b4b657e07dc3ab4e94fbedcaade421 is available on HarborGuard for any environment running an affected version. For customers who opt into auto-remediation, HarborGuard can perform the rebuild, run a regression test suite, and open a PR against affected workloads without manual intervention.
Exploit Conditions
- Network reachability: Required
  The vulnerable endpoint is exposed over the network; an attacker must be able to reach the Banana Slides service via HTTP/HTTPS to supply crafted markdown image references.
- Authentication: Not required
  No account or credentials are needed; the path traversal is reachable by any unauthenticated request to the generate_image() endpoint.
- Victim interaction: Not required
  The attacker sends a crafted request directly to the server; no user action such as clicking a link is required for exploitation.
- Attack complexity: Low (AC:L)
  Exploitation is reliable and condition-free; crafting a sibling-directory path that bypasses the prefix check requires no race conditions or special environmental setup.
Blast Radius
- An attacker reads arbitrary image-format files (JPEG, PNG, BMP, and other formats PIL can open) located outside the uploads directory on the server filesystem.
- Files in sibling directories whose names share the uploads folder prefix are directly accessible, including any image-format data stored there such as profile pictures, internal assets, or cached render output.
- If image-format files contain embedded metadata or sensitive content (for example, exported charts with embedded data, screenshots, or credential QR codes), that content is exposed to the attacker without any authentication.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-49136 is active for all scanned images at Banana Slides version 0.4.0 or earlier. A patched-image rebuild targeting the upstream fix commit (e8bc490ec8b4b657e07dc3ab4e94fbedcaade421) is available for affected environments. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs regression tests, and opens a PR against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes in environments with auto-remediation enabled. Where compliance policy does not permit auto-remediation, the finding is surfaced in the triage inbox with the fix commit cited so engineers can act manually. Until the patch is applied, compensating controls worth considering include restricting network access to the Banana Slides AI service endpoint at the ingress or network-policy layer and validating that no sensitive image-format files reside in directories whose names share the uploads folder prefix.
- Anionex / banana-slides: ≤ 0.4.0, fixed in e8bc490ec8b4b657e07dc3ab4e94fbedcaade421
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N