Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request.
..
@@
"https://github.com/pypa/advisory-database/blob/main/vulns/roundup/PYSEC-2026-745.yaml"