CVE-2026-35052

216.73.217.22

· Published 06/04/2026 18:16 · Modified 07/04/2026 13:20

Labels: CVE-2026-35052 2026-04-06 CVE-2026-35052 CWE-79 [email protected]

Essential information

Published: 06/04/2026 18:16
Modified: 07/04/2026 13:20
Author: —
Creator: —
CVSS: 5.3 MEDIUM (v3) 5.3 MEDIUM (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to 3.22.0, users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the server. This vulnerability is fixed in 3.22.0.

NVD status

Status: Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
d-tale / d-tale	`cpe:2.3:a:d-tale:d-tale:<3.22.0:::::::*`
flask / flask	`cpe:2.3:a:flask:flask::::::::`
react / react	`cpe:2.3:a:react:react::::::::`
pandas / pandas	`cpe:2.3:a:pandas:pandas::::::::`
redis / redis	`cpe:2.3:a:redis:redis::::::::`