PulsePatch.io on Horizon: "NiceGUI has a path traversal vulnerability (CVE-2026-25732) via unsanitized file"

No JavaScript? That's cool, but you'll need to disable Turbo mode as it uses JavaScript in the client.

NiceGUI has a path traversal vulnerability (CVE-2026-25732) via unsanitized file uploads, enabling arbitrary file write. Patching is advised for #NiceGUI applications. #PathTraversal #InfoSec pulsepatch.io/posts/cve-2026…

2:40 PM · Feb 8, 2026 · 51 Views