CVE-2026-27199: Werkzeug safe_join() allows Windows special device names

Overview

Severity

N/A

Exploit Status

Not Exploited

Patch Tuesday

2026-Feb

Released

2026-02-25

Last Updated

2026-03-03

EPSS Score

0.02% (percentile: 5.3%)

Detection & Weaponization (1 sources)

Maturity: Exploit

• GitHub PoC: 1 repositories

Affected Products (5)

Other

• 17600-17084
• 19837-17086
• 19712-17086
• 19693-17084

Open Source Software

• azl3 tensorflow 2.16.1-10 on Azure Linux 3.0

Revision History

• 2026-02-25: Information published.
• 2026-03-03: Information published.