CWE-403
Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')
Base / Draft
Description
A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those descriptors.
When a new process is forked or executed, the child process inherits any open file descriptors. When the child process has fewer privileges than the parent process, this might introduce a vulnerability if the child process can access the file descriptor but does not have the privileges to access the associated file.
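The inheritance described above, shown next to the close-on-exec mitigation, as an added example that is not part of the CWE entry. Assumptions: a POSIX system with `/bin/sh` and a writable `/tmp`; the function name `exec_child_can_read`, the `PROBE_FD` slot and the sample secret are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

#define PROBE_FD 9 /* assumed single-digit slot the exec'd shell can name */

/* Returns 1 if a program exec'd by the child can read the parent's
 * descriptor, 0 if it cannot, -1 on setup failure. */
int exec_child_can_read(int use_cloexec)
{
    char path[] = "/tmp/cwe403-demo-XXXXXX";      /* constructed sample file */
    static const char secret[] = "constructed-secret\n";
    int tmp = mkstemp(path);
    if (tmp < 0) return -1;
    ssize_t n = write(tmp, secret, sizeof secret - 1);
    close(tmp);

    /* The parent's "sensitive" descriptor; O_CLOEXEC is the hardened form. */
    int fd = open(path, O_RDONLY | (use_cloexec ? O_CLOEXEC : 0));
    unlink(path);
    if (fd < 0 || n != (ssize_t)(sizeof secret - 1)) { if (fd >= 0) close(fd); return -1; }

    pid_t pid = fork();
    if (pid == 0) {
        /* Child: relocate to PROBE_FD, preserving the close-on-exec flag. */
        int flags = fcntl(fd, F_GETFD);
        if (fd != PROBE_FD) {
            dup2(fd, PROBE_FD);
            fcntl(PROBE_FD, F_SETFD, flags);
            close(fd);
        }
        /* The new program never opened the file; it only uses fd 9. */
        execl("/bin/sh", "sh", "-c",
              "exec 2>/dev/null; IFS= read -r s <&9 && [ \"$s\" = constructed-secret ]",
              (char *)NULL);
        _exit(127);
    }
    close(fd);
    int status;
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(void)
{
    printf("without O_CLOEXEC: exec'd child reads fd = %d\n", exec_child_can_read(0));
    printf("with O_CLOEXEC:    exec'd child reads fd = %d\n", exec_child_can_read(1));
    return 0;
}
```

The file is unlinked before the fork, so the exec'd shell has no path to reopen; any read it performs goes through the inherited descriptor alone.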
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (2)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-40042 | Critical | 0.64 | 9.8 | 0.00 | | Apr 13, 2026 | Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions, comments, and wiki articles to trigger entity resolution via simplexml_load_string() without LIBXML_NONET restrictions. |
| CVE-2025-3032 | High | 0.48 | 7.4 | 0.00 | | Apr 1, 2025 | Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability was fixed in Firefox 137 and Thunderbird 137. |