CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 152 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1002207 | — | Med | 0.29 | 5.5 | 0.03 | Jul 25, 2018 | mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known… | |
| CVE-2018-8008 | Med | 0.29 | 5.5 | 0.02 | Jun 5, 2018 | Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path… | ||
| CVE-2018-1000079 | — | Med | 0.29 | 5.5 | 0.03 | Mar 13, 2018 | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the… | |
| CVE-2015-5345 | Med | 0.29 | 5.3 | 0.18 | Feb 25, 2016 | The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that… | ||
| CVE-2015-5174 | Med | 0.29 | 4.3 | 0.13 | Feb 25, 2016 | Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a… | ||
| CVE-2026-11847 | Med | 0.28 | 4.3 | 0.00 | Jun 12, 2026 | The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Path Traversal vulnerability, allowing authenticated remote attackers to exploit this vulnerability to create directories in unintended system paths. | ||
| CVE-2024-47273 | Med | 0.28 | 4.3 | 0.00 | Jun 3, 2026 | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users to write specific files via unspecified vectors. | ||
| CVE-2026-45571 | Med | 0.28 | 5.4 | 0.00 | May 27, 2026 | go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These… | ||
| CVE-2026-9467 | Med | 0.28 | 4.3 | 0.00 | May 25, 2026 | A vulnerability was identified in debugmcp mcp-debugger up to 0.20.0. Impacted is the function handleGetSourceContext of the file src/server.ts. The manipulation leads to path traversal. The attack is possible to be carried out remotely. The exploit is publicly available and… | ||
| CVE-2026-8765 | Med | 0.28 | 4.3 | 0.01 | May 17, 2026 | A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component File Diff API Endpoint. Performing a manipulation of the argument File results in… | ||
| CVE-2026-42885 | Med | 0.28 | 4.3 | 0.00 | May 11, 2026 | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith() to validate that a resolved file path is within a library folder. This check fails for sibling directories whose names share a… | ||
| CVE-2026-7704 | Med | 0.28 | 4.3 | 0.00 | May 3, 2026 | A vulnerability has been found in AV Stumpfl Pixera Two Media Server up to 25.1 R2. The affected element is an unknown function of the component Service Port 1338. Such manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading… | ||
| CVE-2026-7680 | Med | 0.28 | 4.3 | 0.00 | May 3, 2026 | A weakness has been identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file backend/webserver/api/datasets.py of the component Data Endpoint. Executing a manipulation of the argument folder can lead to path traversal. The attack can be… | ||
| CVE-2026-7676 | Med | 0.28 | 4.3 | 0.00 | May 3, 2026 | A vulnerability was found in kerwincui FastBee up to 1.2.1. The affected element is the function ToolController.download of the file springboot/fastbee-open-api/src/main/java/com/fastbee/data/controller/ToolController.java of the component Tool Download Endpoint. The… | ||
| CVE-2026-30462 | Med | 0.28 | 4.3 | 0.00 | Apr 27, 2026 | A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal. | ||
| CVE-2026-40923 | Med | 0.28 | 5.4 | 0.00 | Apr 21, 2026 | Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted… | ||
| CVE-2026-6636 | — | Med | 0.28 | 4.3 | 0.00 | Apr 20, 2026 | A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affected is the function Bun.serve of the file buildCache.js of the component API. Performing a manipulation of the argument pathname results in path traversal. It is possible to… | |
| CVE-2026-6591 | Med | 0.28 | 4.3 | 0.00 | Apr 20, 2026 | A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder_paths.get_annotated_filepath of the file folder_paths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible.… | ||
| CVE-2026-6590 | Med | 0.28 | 4.3 | 0.00 | Apr 20, 2026 | A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function get_model_preview of the file app/model_manager.py of the component Model Preview Endpoint. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public… | ||
| CVE-2026-6487 | Med | 0.28 | 4.3 | 0.00 | Apr 17, 2026 | A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument path causes path traversal. The attack is possible to be carried out remotely. The… |
- risk 0.29cvss 5.5epss 0.03
mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known…
- risk 0.29cvss 5.5epss 0.02
Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path…
- risk 0.29cvss 5.5epss 0.03
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the…
- risk 0.29cvss 5.3epss 0.18
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that…
- risk 0.29cvss 4.3epss 0.13
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a…
- risk 0.28cvss 4.3epss 0.00
The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Path Traversal vulnerability, allowing authenticated remote attackers to exploit this vulnerability to create directories in unintended system paths.
- risk 0.28cvss 4.3epss 0.00
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users to write specific files via unspecified vectors.
- risk 0.28cvss 5.4epss 0.00
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These…
- risk 0.28cvss 4.3epss 0.00
A vulnerability was identified in debugmcp mcp-debugger up to 0.20.0. Impacted is the function handleGetSourceContext of the file src/server.ts. The manipulation leads to path traversal. The attack is possible to be carried out remotely. The exploit is publicly available and…
- risk 0.28cvss 4.3epss 0.01
A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component File Diff API Endpoint. Performing a manipulation of the argument File results in…
- risk 0.28cvss 4.3epss 0.00
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith() to validate that a resolved file path is within a library folder. This check fails for sibling directories whose names share a…
- risk 0.28cvss 4.3epss 0.00
A vulnerability has been found in AV Stumpfl Pixera Two Media Server up to 25.1 R2. The affected element is an unknown function of the component Service Port 1338. Such manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading…
- risk 0.28cvss 4.3epss 0.00
A weakness has been identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file backend/webserver/api/datasets.py of the component Data Endpoint. Executing a manipulation of the argument folder can lead to path traversal. The attack can be…
- risk 0.28cvss 4.3epss 0.00
A vulnerability was found in kerwincui FastBee up to 1.2.1. The affected element is the function ToolController.download of the file springboot/fastbee-open-api/src/main/java/com/fastbee/data/controller/ToolController.java of the component Tool Download Endpoint. The…
- risk 0.28cvss 4.3epss 0.00
A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal.
- risk 0.28cvss 5.4epss 0.00
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted…
- risk 0.28cvss 4.3epss 0.00
A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affected is the function Bun.serve of the file buildCache.js of the component API. Performing a manipulation of the argument pathname results in path traversal. It is possible to…
- risk 0.28cvss 4.3epss 0.00
A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder_paths.get_annotated_filepath of the file folder_paths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible.…
- risk 0.28cvss 4.3epss 0.00
A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function get_model_preview of the file app/model_manager.py of the component Model Preview Endpoint. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public…
- risk 0.28cvss 4.3epss 0.00
A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument path causes path traversal. The attack is possible to be carried out remotely. The…