VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 79 of 275
  • CVE-2026-7214HigApr 28, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in eghuzefa engineer-your-data up to 0.1.3. This vulnerability affects the function read_file/write_file/list_files/file_inf of the file src/server.py. The manipulation of the argument WORKSPACE_PATH leads to path traversal. The attack may be…

  • CVE-2026-7213HigApr 28, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was detected in ef10007 MLOps_MCP 1.0.0. This impacts an unknown function of the file fastmcp_server.py of the component save_file Tool. The manipulation of the argument filename/destination results in path traversal. The attack may be performed from remote. The…

  • CVE-2026-7212HigApr 28, 2026
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notes_mcp.py. The manipulation of the argument root_dir/path leads to path traversal. The attack is possible to be carried out remotely. The exploit…

  • CVE-2026-7205HigApr 28, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function search_papers of the file src/main.py. Such manipulation of the argument topic leads to path traversal. The attack may be launched remotely. The…

  • CVE-2026-7159HigApr 27, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function read_document/list_documents of the file server.py. Performing a manipulation of the argument docs_dir/file_path results in path traversal. The attack is possible to be carried out…

  • CVE-2026-7149HigApr 27, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function prepare_kaggle_dataset of the file src/kaggle_mcp/server.py. The manipulation of the argument competition_id leads to path traversal.…

  • CVE-2026-7036HigApr 26, 2026
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was identified in Tenda i9 1.0.0.5(2204). This vulnerability affects the function R7WebsSecurityHandlerfunction of the component HTTP Handler. The manipulation leads to path traversal. Remote exploitation of the attack is possible. The exploit is publicly…

  • CVE-2026-6615HigApr 20, 2026
    risk 0.47cvss 7.3epss 0.01

    A weakness has been identified in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function Upload of the file superagi/controllers/resources.py of the component Multipart Upload Handler. This manipulation of the argument Name causes path traversal. It is…

  • CVE-2026-6568HigApr 19, 2026
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Handler. This manipulation of the argument path causes path traversal. The attack…

  • CVE-2026-6227HigApr 14, 2026
    risk 0.47cvss 7.2epss 0.01

    The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the `block_name` parameter of the `/wp-json/backwpup/v1/getblock` REST endpoint in all versions up to, and including, 5.6.6 due to a non-recursive `str_replace()` sanitization of path traversal…

  • CVE-2026-31939HigApr 10, 2026
    risk 0.47cvss 8.3epss 0.00

    Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exercise/savescores.php leading to arbitrary file feletion. User input from $_REQUEST['test'] is concatenated directly into filesystem path without canonicalization or traversal…

  • CVE-2026-6024HigApr 10, 2026
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly…

  • CVE-2026-5962HigApr 9, 2026
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecurityHandlerfunction of the component httpd. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used.

  • CVE-2026-5849HigApr 9, 2026
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was determined in Tenda i12 1.0.0.11(3862). The impacted element is an unknown function of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be…

  • CVE-2026-5841HigApr 9, 2026
    risk 0.47cvss 7.3epss 0.01

    A weakness has been identified in Tenda i3 1.0.0.6(2204). The affected element is the function R7WebsSecurityHandler of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been made available to…

  • CVE-2026-34607HigApr 3, 2026
    risk 0.47cvss 7.2epss 0.01

    Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip() function (include/lib/common.php:793). When extracting ZIP archives (plugin/template uploads, backup imports), the function calls…

  • CVE-2026-34524HigApr 2, 2026
    risk 0.47cvss 8.3epss 0.01

    SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in chat endpoints allows an…

  • CVE-2026-5258HigApr 1, 2026
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is the function _get_file of the file iopaint/file_manager/file_manager.py of the component File Manager. Performing a manipulation of the argument filename results in path traversal. The attack is possible to be…

  • CVE-2025-15076HigDec 25, 2025
    risk 0.47cvss 7.3epss 0.01

    A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

  • CVE-2025-14704HigDec 15, 2025
    risk 0.47cvss 7.3epss 0.11

    A vulnerability was found in Shiguangwu sgwbox N3 2.0.25. The impacted element is an unknown function of the file /eshell of the component API. The manipulation results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be…