CVE-2026-46338: Regression in pymdownx.snippets reintroduces sibling-prefix path traversal bypass despite restrict_base_path

May 19, 2026

pymdownx.snippets has a regression of the CVE-2023-32309 / GHSA-jh85-wwv9-24hv fix. With restrict_base_path: True (the default), the current filename.startswith(base) containment check does not enforce a directory boundary. As a result, a markdown snippet directive can read files from sibling paths that share the same prefix as base_path, such as docs vs docs_internal.

The regression was introduced in PR #2039 / commit 7c13bda5b7793b172efd1abb6712e156a83fe07d, which replaced the original directory-identity check with a plain string-prefix comparison.

References

github.com/advisories/GHSA-62q4-447f-wv8h
github.com/facelessuser/pymdown-extensions/pull/2039
github.com/facelessuser/pymdown-extensions/security/advisories/GHSA-62q4-447f-wv8h
nvd.nist.gov/vuln/detail/CVE-2026-46338

Code Behaviors & Features

Detect and mitigate CVE-2026-46338 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →