CVE-2026-35052 · CRITICAL 9.8 · EPSS p45.1%

Description

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to 3.22.0, users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the server. This vulnerability is fixed in 3.22.0.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.62% probability of exploitation · percentile 45.1% · 2026-06-18T12:00:27Z
Published: 2026-04-06
Last modified: 2026-04-20

Underlying weaknesses · 1

CWE-79

References

  1. https://github.com/man-group/dtale/security/advisories/GHSA-436g-fhfc-9g5w

Type | Target | Confidence | Tier
Weakness | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (cwe-79) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-27194
CVE-2025-27520
CVE-2025-32375
CVE-2025-58046
CVE-2026-10705
CVE-2025-69872

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.