VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 28 of 275
  • CVE-2026-45482HigJun 9, 2026
    risk 0.55cvss 8.4epss 0.00

    Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

  • CVE-2026-49238HigMay 28, 2026
    risk 0.55cvss 8.4epss 0.01

    An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component (sshfs_server), which executes with root privileges on the host, contains a path containment bypass vulnerability within its validate_path function in…

  • CVE-2026-9789HigMay 28, 2026
    risk 0.55cvss epss 0.00

    A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List (ACL). This allows any authenticated local user to…

  • CVE-2026-9489HigMay 25, 2026
    risk 0.55cvss epss 0.00

    NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute…

  • CVE-2026-42048CriMay 12, 2026
    risk 0.55cvss 9.6epss 0.04

    Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API (DELETE /api/v1/knowledge_bases). This occurs because user-supplied knowledge base names are concatenated directly…

  • CVE-2026-44336CriMay 8, 2026
    risk 0.55cvss 9.6epss 0.01

    PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP (Model Context Protocol) server (praisonai mcp serve) registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and…

  • CVE-2026-8069HigMay 8, 2026
    risk 0.55cvss epss 0.00

    PredatorSense version 3.00.3136 to 3.00.3196 contain Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user…

  • CVE-2026-41589CriMay 7, 2026
    risk 0.55cvss 9.6epss 0.00

    Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary…

  • CVE-2026-41433HigApr 24, 2026
    risk 0.55cvss 8.4epss 0.00

    OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to before 0.8.0, a flaw in the Java agent injection path allows a local attacker controlling a Java workload to overwrite arbitrary host files when Java injection is…

  • CVE-2026-39399CriApr 14, 2026
    risk 0.55cvss 9.6epss 0.01

    NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package…

  • CVE-2026-30290HigMar 31, 2026
    risk 0.55cvss 8.4epss 0.00

    An arbitrary file overwrite vulnerability in InTouch Contacts & Caller ID APP v6.38.1 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

  • CVE-2026-30279HigMar 31, 2026
    risk 0.55cvss 8.4epss 0.00

    An arbitrary file overwrite vulnerability in Squareapps LLC My Location Travel Timeline v11.80 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

  • CVE-2026-30277HigMar 31, 2026
    risk 0.55cvss 8.4epss 0.00

    An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Print v3.7.2.251001 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

  • CVE-2016-20048HigMar 28, 2026
    risk 0.55cvss 8.4epss 0.00

    iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to…

  • CVE-2016-20041HigMar 28, 2026
    risk 0.55cvss 8.4epss 0.00

    Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the -p parameter. Attackers can invoke yasr with a crafted payload containing junk data, shellcode, and a…

  • CVE-2016-20040HigMar 28, 2026
    risk 0.55cvss 8.4epss 0.00

    TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized ROM parameter to the tiemu command-line interface to overflow the…

  • CVE-2020-36970HigJan 28, 2026
    risk 0.55cvss 8.4epss 0.00

    PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system files by manipulating the 'chemin' parameter. Attackers can exploit the unsanitized file path input to access sensitive files like /etc/passwd by sending crafted…

  • CVE-2025-10284CriOct 9, 2025
    risk 0.55cvss 9.6epss 0.01

    BBOT's unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution.

  • CVE-2025-10283CriOct 9, 2025
    risk 0.55cvss 9.6epss 0.00

    BBOT's gitdumper module could be abused to execute commands through a malicious git repository.

  • CVE-2025-34023HigJun 20, 2025
    risk 0.55cvss epss 0.01

    A path traversal vulnerability exists in the Karel IP1211 IP Phone's web management panel. The /cgi-bin/cgiServer.exx endpoint fails to properly sanitize user input to the page parameter, allowing remote authenticated attackers to access arbitrary files on the underlying system…