CVE-2022-35918: Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custo
Summary
Streamlit, a Python framework for building data applications, has a directory traversal vulnerability (a type of attack where an attacker uses specially crafted file paths to access files they shouldn't be able to reach) in versions before 1.11.1. An attacker could trick the Streamlit server into reading and returning sensitive files from the server's file system, such as logs or other confidential information.
Solution / Mitigation
Upgrade to Streamlit version 1.11.1 or later. The source explicitly states, 'This issue has been resolved in version 1.11.1. Users are advised to upgrade.' No workarounds are available.
Vulnerability Details
6.5(medium)
EPSS: 1.4%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-35918
First tracked: February 15, 2026 at 08:47 PM
Classified by LLM (prompt v3) · confidence: 85%