CWE-36
Absolute Path Traversal
Description
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.
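An added example (not CWE-36 reference code, and not code from any product listed on this page) showing why the description's "absolute path sequence" matters in practice: `os.path.join()` silently discards the restricted directory as soon as the attacker-controlled component is absolute, so a check that only strips `../` does nothing. The base directory, the file names and the Windows-style inputs are hypothetical; the hardened resolver also covers the `..` and prefix-collision cases, which goes a little beyond the absolute-path case the text names.

```python
"""Absolute path traversal: the vulnerable join beside a hardened resolver.

Added example; not code from CWE-36 or from any project listed on this page.
BASE_DIR and every sample input are assumed/constructed for illustration.
"""
import ntpath
import os
import posixpath

BASE_DIR = "/srv/app/uploads"  # hypothetical restricted directory


def resolve_unsafe(base: str, user_path: str) -> str:
    """The CWE-36 bug: os.path.join() drops every earlier component as soon as
    a later one is absolute, so "/etc/passwd" simply replaces base."""
    return os.path.normpath(os.path.join(base, user_path))


def looks_absolute(p: str) -> bool:
    """True for POSIX absolute paths, Windows drive-letter and UNC paths, and
    any rooted path beginning with a slash or backslash.  The explicit
    startswith() check matters because since Python 3.13 ntpath.isabs() no
    longer treats a single leading slash (e.g. "\\foo") as absolute."""
    return (
        posixpath.isabs(p)
        or ntpath.isabs(p)
        or bool(ntpath.splitdrive(p)[0])   # "C:relative" still names a drive
        or p.startswith(("/", "\\"))
    )


def resolve_safe(base: str, user_path: str) -> str:
    """Resolve user_path under base, or raise ValueError if it would escape.

    Two layers: reject absolute input outright, then canonicalise the result
    (which also collapses "..") and insist the canonical path stays under base.
    """
    if not user_path or "\x00" in user_path:
        raise ValueError("empty path or embedded NUL")
    if looks_absolute(user_path):
        raise ValueError(f"absolute path rejected: {user_path!r}")
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, user_path))
    # commonpath() compares whole components, so "/srv/app/uploads2" does not
    # pass as a child of "/srv/app/uploads" the way a startswith() check would.
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError(f"path escapes {base_real}: {candidate}")
    return candidate


def is_safe(base: str, user_path: str) -> bool:
    """Boolean wrapper around resolve_safe() for policy checks and tests."""
    try:
        resolve_safe(base, user_path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs: one legitimate, the rest the shapes behind the CVEs below.
    for p in ["reports/q1.csv", "/etc/passwd", "../../etc/shadow",
              "C:\\Windows\\win.ini", "\\\\fileserver\\share\\secret", "\\rooted"]:
        print(f"{p!r:34} unsafe -> {resolve_unsafe(BASE_DIR, p):26} "
              f"safe -> {'ok' if is_safe(BASE_DIR, p) else 'REJECTED'}")
```

The order of the two layers is deliberate: canonicalising first and checking the prefix afterwards would still be correct on POSIX, but rejecting anything that looks absolute for either path flavour up front is what protects code that runs on both Windows and Linux, the mismatch several of the entries below describe.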
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-597
CVEs mapped to this weakness (55)
page 3 of 3

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-28414 | | | 0.00 | — | 0.03 | | Feb 27, 2026 | Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Windows with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system.… |
| CVE-2025-68472 | | | 0.00 | — | 0.19 | | Jan 12, 2026 | MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing… |
| CVE-2025-53651 | | | 0.00 | — | 0.00 | | Jul 9, 2025 | Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log. |
| CVE-2024-10833 | | — | 0.00 | — | 0.01 | | Mar 20, 2025 | eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowing attackers to write files to arbitrary locations on the target server. This… |
| CVE-2024-6854 | | | 0.00 | — | 0.01 | | Mar 20, 2025 | In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby overwriting it. This vulnerability can be exploited to overwrite any file on the… |
| CVE-2024-10831 | | — | 0.00 | — | 0.01 | | Mar 20, 2025 | In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the `file_key` and… |
| CVE-2024-8501 | | | 0.00 | — | 0.01 | | Mar 20, 2025 | An arbitrary file download vulnerability exists in the rpc_agent_client component of modelscope/agentscope version v0.0.4. This vulnerability allows any user to download any file from the rpc_agent's host by exploiting the download_file method. This can lead to unauthorized… |
| CVE-2024-47883 | | | 0.00 | — | 0.02 | | Oct 24, 2024 | The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the `java.net.URL` class to refer to (what are expected to be) local resource files, like images or templates. This works: "opening a connection" to these… |
| CVE-2024-45290 | | | 0.00 | — | 0.01 | | Oct 7, 2024 | PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by reading the file… |
| CVE-2024-45291 | | | 0.00 | — | 0.01 | | Oct 7, 2024 | PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images has been enabled in HTML writer with `$writer->setEmbedImages(true);` those files… |
| CVE-2024-4881 | | — | 0.00 | — | 0.01 | | Jun 6, 2024 | A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing… |
| CVE-2023-5115 | | | 0.00 | — | 0.01 | | Dec 18, 2023 | An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path. |
| CVE-2023-3765 | | | 0.00 | — | 0.71 | | Jul 19, 2023 | Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. |
| CVE-2023-1176 | | | 0.00 | — | 0.01 | | Mar 24, 2023 | Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2. |
| CVE-2022-1554 | | | 0.00 | — | 0.01 | | May 3, 2022 | Path Traversal due to `send_file` call in GitHub repository clinical-genomics/scout prior to 4.52. |
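The Ansible entry above is the archive-borne form of the same weakness: member names and link targets inside a tar file are attacker input, and an absolute name or an absolute symlink target lands outside the extraction root. The following is an added example, not Ansible's, `tarfile`'s, or any listed project's own code; the archive is constructed in memory and the destination directory is hypothetical. It vets every member before anything touches disk and refuses the whole archive on the first bad one.

```python
"""Vetting tar members before extraction, the archive-borne form of CWE-36.

Added example, not Ansible's, tarfile's, or any listed project's own code.  The
archive is constructed in memory and DEST is a hypothetical extraction root.
"""
import io
import ntpath
import os
import posixpath
import tarfile
from typing import Dict, Optional

DEST = "/srv/roles/incoming"  # hypothetical extraction root


def _is_absolute(p: str) -> bool:
    # POSIX root, Windows drive letter or UNC prefix, or any leading (back)slash.
    return (posixpath.isabs(p) or ntpath.isabs(p)
            or bool(ntpath.splitdrive(p)[0]) or p.startswith(("/", "\\")))


def _inside(dest_real: str, path: str) -> bool:
    # Canonicalise (this collapses "..") and compare whole path components.
    return os.path.commonpath([dest_real, os.path.realpath(path)]) == dest_real


def vet_member(member: tarfile.TarInfo, dest: str) -> Optional[str]:
    """Return None if the member may land under dest, otherwise the reason not to."""
    dest_real = os.path.realpath(dest)
    if _is_absolute(member.name):
        return "absolute member name"
    target = os.path.join(dest_real, member.name)
    if not _inside(dest_real, target):
        return "member name escapes destination via '..'"
    if member.issym():
        # A relative symlink target resolves against the link's own directory.
        if _is_absolute(member.linkname):
            return "symlink with absolute target"
        if not _inside(dest_real, os.path.join(os.path.dirname(target), member.linkname)):
            return "symlink target escapes destination"
    elif member.islnk():
        # Hard-link targets are archive-relative, not link-relative.
        if _is_absolute(member.linkname) or not _inside(dest_real, os.path.join(dest_real, member.linkname)):
            return "hardlink target escapes destination"
    elif not (member.isfile() or member.isdir()):
        return "special member type"  # devices and FIFOs have no place in a role
    return None


def vet_archive(data: bytes, dest: str) -> Dict[str, Optional[str]]:
    """Map every member name to its verdict (None means acceptable)."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tf:
        return {m.name: vet_member(m, dest) for m in tf.getmembers()}


def safe_extract(data: bytes, dest: str) -> None:
    """Refuse the whole archive on any bad member.  Skipping only the bad
    member is not enough: a later, innocent-looking file can be intended to
    be written *through* a symlink that was rejected earlier."""
    problems = {n: r for n, r in vet_archive(data, dest).items() if r}
    if problems:
        raise ValueError(f"refusing archive: {problems}")
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tf:
        # Python 3.12+ ships its own extraction policy; apply it as well when present.
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tf.extractall(dest, **kwargs)


def build_sample_archive() -> bytes:
    """Constructed archive: two benign members and four CWE-36-style escapes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        def add_file(name: str, data: bytes = b"x") -> None:
            ti = tarfile.TarInfo(name)
            ti.size = len(data)
            tf.addfile(ti, io.BytesIO(data))

        def add_symlink(name: str, to: str) -> None:
            ti = tarfile.TarInfo(name)
            ti.type = tarfile.SYMTYPE
            ti.linkname = to
            tf.addfile(ti)

        add_file("role/tasks/main.yml", b"- debug: msg=hi\n")
        add_symlink("role/files/README", "../tasks/main.yml")  # stays inside
        add_file("/etc/cron.d/backdoor")                        # absolute name
        add_file("../../../tmp/owned")                          # classic dot-dot
        add_symlink("role/escape", "/etc")                      # absolute link target
        add_file("role/escape/cron.d/evil")  # name looks fine; would write via the link
    return buf.getvalue()


if __name__ == "__main__":
    for name, verdict in vet_archive(build_sample_archive(), DEST).items():
        print(f"{name:28} {verdict or 'ok'}")
```

Note the last two members: the symlink is caught, but `role/escape/cron.d/evil` on its own passes every per-member test, because nothing in its name is wrong. That is why `safe_extract()` aborts on any rejection instead of extracting the "good" members, and why a per-member check is only sound when the destination does not already contain symlinks the archive can write through.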