VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 113 of 275
  • CVE-2016-6038MedSep 26, 2016
    risk 0.42cvss 6.5epss 0.02

    Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL.

  • CVE-2016-5970MedSep 26, 2016
    risk 0.42cvss 6.5epss 0.02

    Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.

  • CVE-2016-1434MedJun 23, 2016
    risk 0.42cvss 6.5epss 0.01

    The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010.

  • CVE-2013-7448HigFeb 23, 2016
    risk 0.42cvss 7.5epss 0.04

    Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get.

  • CVE-2015-8794MedJan 29, 2016
    risk 0.42cvss 6.5epss 0.02

    Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling.

  • CVE-2009-4449MedDec 29, 2009
    risk 0.42cvss 6.5epss 0.03

    Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and…

  • CVE-2026-44171MedJun 12, 2026
    risk 0.41cvss 6.3epss 0.00

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper…

  • CVE-2026-10278MedJun 1, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the file src/index.ts of the component read_file/write_file. Executing a manipulation of the argument filePath/outputPath can lead to path traversal. It is possible to launch the…

  • CVE-2026-9473MedMay 25, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in c-rick jimeng-mcp 1.10.0. Affected by this vulnerability is the function getFileContent/uploadCoverFile/generateImage/generateVideo of the file src/api.ts. The manipulation of the argument filePath leads to path traversal. The attack may be…

  • CVE-2026-9472MedMay 25, 2026
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in dazeb markdown-downloader up to 3d4394b34b6c99d81af817623af55e3384df5a6a. Affected is the function download_markdown/list_downloaded_files/create_subdirectory of the file src/index.ts. Executing a manipulation can lead to path traversal. The attack can…

  • CVE-2026-9468MedMay 25, 2026
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in dazeb cline-mcp-memory-bank up to 55c81b9cf6c16700983c84dc4cdea3cafa19a75f. The affected element is the function handleInitializeMemoryBank of the file src/index.ts. The manipulation of the argument projectPath results in path traversal.…

  • CVE-2026-34664MedMay 12, 2026
    risk 0.41cvss 6.3epss 0.00

    Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive…

  • CVE-2026-6815MedMay 11, 2026
    risk 0.41cvss 5.9epss 0.01

    An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on…

  • CVE-2026-8116MedMay 8, 2026
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in huangjunsen0406 xiaozhi-mcphub up to 1.0.3. This vulnerability affects unknown code of the file src/controllers/dxtController.ts. This manipulation of the argument manifest.name causes path traversal. The attack may be initiated remotely. The…

  • CVE-2026-7738MedMay 4, 2026
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function create_document/open_document of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be…

  • CVE-2026-7715MedMay 4, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arango_backup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack…

  • CVE-2026-7627MedMay 2, 2026
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in 8nite metatrader-4-mcp 1.0.0. This vulnerability affects the function CallToolRequestSchema of the file src/index.ts of the component sync_ea_from_file. Such manipulation of the argument ea_name leads to path traversal. The attack…

  • CVE-2026-7599MedMay 1, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function save_document/export_to_text/export_to_html of the file mcp-server/src/index.ts of the component MCP Interface. Performing a manipulation of the argument output_path results in path traversal.…

  • CVE-2026-7445MedApr 30, 2026
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in ZachHandley ZMCPTools up to 0.2.2. Affected by this issue is some unknown functionality of the file src/managers/ResourceManager.ts of the component MCP Log Resource Handler. The manipulation of the argument dirname leads to path…

  • CVE-2026-6620MedApr 20, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of the argument Type results in path traversal. The attack may be launched remotely.…