HIGH 7.5

CVE-2026-45553: NiceGUI reStructuredText File Disclosure Vulnerability

NiceGUI, a Python UI framework, has a file disclosure vulnerability in its reStructuredText rendering feature. When applications pass user-controlled input to the ui.restructured_text() function, attackers can exploit standard reStructuredText directives to read arbitrary files from the server. This only affects applications that process untrusted content; those using only static, trusted strings are safe. The issue is fixed in version 3.12.0.

Source data · NVD / CISA · public domain

CVSS
3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weaknesses (CWE)
CWE-200
Affected products
0 configuration(s)
Published / Modified
2026-06-02 / 2026-06-17

NVD description (verbatim)

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructured_text() renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructured_text(), an attacker can use standard Docutils directives (include, csv-table with :file:, raw with :file:) to read local files readable by the NiceGUI server process. Applications that only pass trusted static strings to ui.restructured_text() are not affected. This issue has been patched in version 3.12.0.

2 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

CVE-2026-45553 stems from NiceGUI's server-side rendering of reStructuredText via Docutils without sanitizing file insertion directives. Docutils supports several directives capable of file access: the include directive, csv-table with :file: option, and raw with :file: option. An attacker who controls input passed to ui.restructured_text() can craft malicious reStructuredText that instructs Docutils to read and include file contents in the rendered output. The vulnerability has a CVSS 3.1 score of 7.5 (HIGH), reflecting network-accessible exploitation with no authentication or user interaction required. The attack surface is limited to applications that dynamically construct reStructuredText from external sources; static content is unaffected.

Business impact

Organizations deploying NiceGUI applications that process user-supplied or third-party content risk unauthorized disclosure of sensitive files accessible to the NiceGUI process. Exposed data may include configuration files, API keys, private certificates, database credentials, or proprietary source code—depending on file system permissions and application architecture. The impact is confidentiality-focused (no integrity or availability impact per the CVSS vector), but the disclosed information could facilitate further attacks. Applications accepting dynamic reStructuredText from untrusted sources should be treated as critical until patched.

Affected systems

NiceGUI versions prior to 3.12.0 are vulnerable. The risk is context-dependent: only applications that pass attacker-controlled or user-supplied strings to ui.restructured_text() are exploitable. Applications that only render static, pre-defined reStructuredText content are not affected. Administrators should audit their NiceGUI deployments to determine whether any expose the ui.restructured_text() function to dynamic input from external sources.

Exploitability

Exploitation is straightforward and requires no special tools or authentication. An attacker simply needs to control the input to ui.restructured_text()—typically via web forms, API endpoints, or file uploads—and inject a Docutils directive referencing files on the server. The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) indicates network accessibility, low complexity, and no prerequisites, making this an attractive target if vulnerable code paths exist. The attack is not in active exploitation databases (KEV status is false), but the simplicity of exploitation means defenders should not assume inactivity.

Remediation

Upgrade NiceGUI to version 3.12.0 or later, which patches the vulnerability by addressing Docutils directive handling. Organizations unable to upgrade immediately should avoid passing user-controlled or externally sourced strings to ui.restructured_text(). If dynamic reStructuredText rendering is unavoidable, implement input validation to reject or sanitize Docutils directives (include, csv-table, raw) and file-related options before passing content to the function. Consider network segmentation to limit which files the NiceGUI process can access via OS-level permissions.

Patch guidance

Verify your NiceGUI version by checking setup.py, requirements.txt, or running pip show nicegui. If running a version prior to 3.12.0, upgrade immediately using pip install --upgrade nicegui or equivalent for your environment. Test the upgrade in a staging environment to confirm application compatibility before production deployment. Review the vendor's release notes for any breaking changes or configuration adjustments in version 3.12.0.

Detection guidance

Monitor for reStructuredText rendering errors or unexpected file I/O patterns in NiceGUI application logs. Watch for HTTP requests to ui.restructured_text() endpoints that contain Docutils directive keywords (include, csv-table, raw, file:). If available, enable request logging and inspect payloads for reStructuredText syntax. Endpoint detection and response (EDR) tools can flag file access by the NiceGUI process outside expected directories. Conduct code reviews of any ui.restructured_text() calls to identify which user inputs influence the rendered content.

Why prioritize this

This vulnerability merits prompt remediation due to its HIGH CVSS score, lack of prerequisites for exploitation, and potential for broad data exposure. Although not yet in active exploitation (KEV status is false), the simplicity of weaponizing this flaw makes it attractive to opportunistic attackers scanning for vulnerable NiceGUI instances. Organizations should prioritize patching applications that accept dynamic reStructuredText input. Instances using only static content can follow standard patching cycles.

Risk score, explained

The CVSS 3.1 score of 7.5 reflects a high-impact information disclosure with network-accessible attack surface, low exploitation complexity, and no authentication barriers. The vector /C:H/I:N/A:N emphasizes confidentiality impact (confidential data from file reads) with no integrity or availability damage. The score is not extreme (9.0+) because the vulnerability requires a specific code pattern (dynamic content passed to ui.restructured_text()) rather than affecting all NiceGUI deployments universally. Organizations with only static rendering are unaffected, capping the overall severity.

Frequently asked questions

How do I know if my NiceGUI application is vulnerable?

Check your NiceGUI version (pip show nicegui). If it is earlier than 3.12.0 and your application calls ui.restructured_text() with any user-supplied, uploaded, or externally sourced content, you are vulnerable. Static, hardcoded reStructuredText does not trigger the issue.

Can this vulnerability allow code execution?

No. This is a file disclosure vulnerability (CWE-200). Attackers can read files accessible to the NiceGUI process, but cannot execute arbitrary code. However, disclosed files (such as configuration or credentials) may enable further attacks.

Is upgrading to 3.12.0 sufficient, or do I need to change my application code?

Upgrading to 3.12.0 patches the underlying issue. However, best practice is to treat all user input as untrusted and validate or sanitize reStructuredText content before rendering. If your application logic requires dynamic reStructuredText, review the vendor's documentation in version 3.12.0 to confirm the remediation approach and any recommended input handling patterns.

What files are at risk of being read?

Any file readable by the operating system user running the NiceGUI process. This typically includes application configuration, environment files, private keys, and source code in the application directory and its parent paths, depending on file permissions. Files outside the process's readable scope are protected by OS-level access controls.

This analysis is provided for informational purposes and reflects the vulnerability details available as of the publication date. SEC.co does not provide warranty or guarantee of patch effectiveness. Always verify patch applicability against your specific deployment environment and the official vendor advisory. Test patches in staging environments before production deployment. Organizations should conduct independent risk assessments based on their threat model and operational context. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).