VYPR

CWE-40

Path Traversal: '\\UNC\share\name\' (Windows UNC Share)

VariantDraft

Description

The product accepts input that identifies a Windows UNC share ('\\UNC\share\name') that potentially redirects access to an unintended location or arbitrary file.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (2)

  • CVE-2026-34426HigApr 2, 2026
    risk 0.42cvss 7.6epss 0.00

    OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject attacker-controlled environment variables into execution without approval…

  • CVE-2021-44548Dec 23, 2021
    risk 0.00cvss epss 0.05

    An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this…