VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 39 of 275
  • CVE-2026-52755HigJun 10, 2026
    risk 0.51cvss 7.8epss 0.00

    Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious theme ZIP files with traversal sequences in filenames to execute arbitrary code…

  • CVE-2026-52752HigJun 10, 2026
    risk 0.51cvss 7.8epss 0.00

    Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended…

  • CVE-2026-22926HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Omnissa Workspace ONE® Assist for macOS contains a Local Privilege Escalation Vulnerability.

  • CVE-2026-50207HigJun 4, 2026
    risk 0.51cvss 7.8epss 0.00

    The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity.

  • CVE-2026-7474HigMay 12, 2026
    risk 0.51cvss 8.8epss 0.07

    HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability (CVE-2026-7474) is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11.

  • CVE-2026-28915HigMay 11, 2026
    risk 0.51cvss 7.8epss 0.00

    A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to gain root privileges.

  • CVE-2026-29059HigMar 6, 2026
    risk 0.51cvss 7.5epss 0.03

    Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's get_log_file endpoint "(/api/w/{workspace}/jobs_u/get_log_file/{filename})".…

  • CVE-2026-3223HigFeb 27, 2026
    risk 0.51cvss 7.8epss 0.00

    Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer.

  • CVE-2026-1557HigFeb 26, 2026
    risk 0.51cvss 7.5epss 0.02

    The WP Responsive Images plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.0 via the 'src' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain…

  • CVE-2026-20615HigFeb 11, 2026
    risk 0.51cvss 7.8epss 0.00

    A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. An app may be able to gain root privileges.

  • CVE-2026-20614HigFeb 11, 2026
    risk 0.51cvss 7.8epss 0.00

    A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to gain root privileges.

  • CVE-2026-0651HigFeb 10, 2026
    risk 0.51cvss 7.8epss 0.00

    A path traversal vulnerability was identified TP-Link Tapo C260 v1, D235 v1 and C520WS v2.6 within the HTTP server’s handling of GET requests. The server performs path normalization before fully decoding URL encoded input and falls back to using the raw path when normalization…

  • CVE-2025-68143HigDec 17, 2025
    risk 0.51cvss 8.8epss 0.08

    Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2025.9.25, the git_init tool accepted arbitrary filesystem paths and created Git repositories without validating the target…

  • CVE-2025-12060HigOct 30, 2025
    risk 0.51cvss epss 0.01

    The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive…

  • CVE-2025-12055HigOct 27, 2025
    risk 0.51cvss 7.5epss 0.04

    HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 (week 36/2025), which allows an attacker to read arbitrary files from the Windows operating system.…

  • CVE-2025-3718HigOct 7, 2025
    risk 0.51cvss 7.9epss 0.00

    A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter. An authenticated user with limited privileges can craft a malicious URL which, if visited by an authenticated victim, leads to a…

  • CVE-2024-56179HigAug 22, 2025
    risk 0.51cvss 7.8epss 0.00

    In MindManager Windows versions prior to 24.1.150, attackers could potentially write to unexpected directories in victims' machines via directory traversal if victims opened file attachments located in malicious mmap files.

  • CVE-2025-8941HigAug 13, 2025
    risk 0.51cvss 7.8epss 0.00

    A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.

  • CVE-2025-6020HigJun 17, 2025
    risk 0.51cvss 7.8epss 0.00

    A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.

  • CVE-2024-9362HigMar 20, 2025
    risk 0.51cvss 7.5epss 0.04

    An unauthenticated directory traversal vulnerability exists in Polyaxon, affecting the latest version. This vulnerability allows an attacker to retrieve directory information and file contents from the server without proper authorization, leading to sensitive information…