D-Tale: Remote Code Execution through redis/shelf storage

GHSA-436g-fhfc-9g5w · CVE-2026-35052

Published Apr 3, 2026 · Modified Apr 6, 2026

Description

Impact

Users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the server.

Patches

Users should upgrade to version 3.22.0.

Workarounds

There are no workarounds for versions < 3.22.0

References

WEB https://github.com/man-group/dtale/security/advisories/GHSA-436g-fhfc-9g5w
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-35052
PACKAGE https://github.com/man-group/dtale

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes