CVE-2026-35052

MEDIUM SEVERITY

Vulnerability Description

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to 3.22.0, users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the server. This vulnerability is fixed in 3.22.0.

Vulnerability Details

Published Date

April 03, 2026

Last Modified

April 07, 2026

CWE ID

CWE-79

Source

GitHub

Vendor

pip

Product

dtale

External References

https://github.com/man-group/dtale/security/advisories/GHSA-436g-fhfc-9g5w
https://github.com/advisories/GHSA-436g-fhfc-9g5w

CVE-2026-35052

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment