CVE-2026-40086
Last modified
CVE-2026-40086 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. Rembg is a tool for removing image backgrounds. Prior to 2.0.75, a path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. EPSS estimates a 0.59% chance of exploitation in the next 30 days.
Description
Rembg is a tool for removing image backgrounds. Prior to 2.0.75, a path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious model_path parameter, an attacker can force the server to attempt loading any file as an ONNX model, revealing file existence, permissions, and potentially file contents through error messages. This vulnerability is fixed in 2.0.75.
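The defect described above is a user-controlled filesystem path reaching a file-loading call without being confined to the directory the service intends to serve models from. The following Python is an added illustration of the defensive check a maintainer would apply; it is not rembg's code and does not reproduce the project's actual fix in 2.0.75. The function names, the models directory layout and the sample file names are assumptions constructed for the example. It contrasts a naive join (which silently accepts absolute paths and `..` components) with a confined resolver that canonicalises the path, rejects anything outside the allowlisted directory (including symlinks that point out of it), and returns generic error messages so that file existence is not disclosed to the caller.

```python
"""Confining a user-supplied model path to an allowlisted directory.

Hypothetical example written to illustrate the class of defect in
CVE-2026-40086. It is not rembg's code and is not the project's fix; the
names resolve_model_path, naive_model_path and ModelPathError and the
directory layout used in demo() are assumptions.
"""
import tempfile
from pathlib import Path


class ModelPathError(ValueError):
    """Raised when a requested model path is rejected."""


def naive_model_path(requested: str, models_dir: Path) -> Path:
    """The unsafe pattern: join and trust the result.

    Path joining discards the base when the right-hand side is absolute and
    keeps '..' components untouched, so the result may lie anywhere on disk.
    """
    return models_dir / requested


def resolve_model_path(requested: str, models_dir: Path) -> Path:
    """Return the on-disk path for `requested` only if it stays inside models_dir.

    Checks, in order:
      1. reject empty names and absolute paths outright;
      2. canonicalise with Path.resolve(), which collapses '..' and follows symlinks;
      3. require the canonical path to be a strict descendant of the canonical models_dir;
      4. require a .onnx suffix and a regular file.
    Every failure raises ModelPathError with a generic message, so the caller
    learns nothing about which files exist outside the models directory.
    """
    if not requested or Path(requested).is_absolute():
        raise ModelPathError("model name must be a relative name")
    base = models_dir.resolve()
    candidate = (base / requested).resolve()
    # Compare canonical paths; a string prefix test would wrongly accept
    # a sibling directory such as /srv/models-old for base /srv/models.
    if base not in candidate.parents:
        raise ModelPathError("model name escapes the models directory")
    if candidate.suffix != ".onnx" or not candidate.is_file():
        raise ModelPathError("unknown model")
    return candidate


def demo() -> dict:
    """Exercise the check against a throwaway directory (constructed data)."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        models = Path(tmp) / "models"
        models.mkdir()
        # Constructed placeholder bytes, not a real ONNX model.
        (models / "example.onnx").write_bytes(b"\x08\x01")
        secret = Path(tmp) / "secret.txt"
        secret.write_text("not for clients")
        try:
            # A symlink inside the models directory that points outside it.
            (models / "link.onnx").symlink_to(secret)
        except OSError:
            pass  # platforms without symlink support: the entry simply does not exist
        for name in ["example.onnx", "../secret.txt", "/etc/passwd", "link.onnx", "example"]:
            try:
                resolve_model_path(name, models)
                results[name] = "allowed"
            except ModelPathError as exc:
                results[name] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name!r}: {outcome}")
```

The naive join is shown only to make the contrast concrete: `naive_model_path("/etc/passwd", Path("/srv/models"))` evaluates to `/etc/passwd`, which is exactly the behaviour the confined resolver refuses. Returning the same generic message for a non-existent model and for a traversal attempt is deliberate; distinguishing the two in the response would recreate the file-existence disclosure described in the advisory.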
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Danielgatis | Rembg | < 2.0.75 |
References
- https://github.com/danielgatis/rembg/releases/tag/v2.0.75 (Product, Release Notes)
- https://github.com/danielgatis/rembg/security/advisories/GHSA-3wqj-33cg-xc48 (Exploit, Mitigation, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-40086?
How severe is CVE-2026-40086?
How do I fix CVE-2026-40086?
Source: NVD / NIST
