VYPR

CWE-403

Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')

BaseDraft

Description

A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those descriptors.

When a new process is forked or executed, the child process inherits any open file descriptors. When the child process has fewer privileges than the parent process, this might introduce a vulnerability if the child process can access the file descriptor but does not have the privileges to access the associated file.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (3)

  • CVE-2026-40042CriApr 13, 2026
    risk 0.64cvss 9.8epss 0.00

    Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in…

  • CVE-2025-3032HigApr 1, 2025
    risk 0.48cvss 7.4epss 0.00

    Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability was fixed in Firefox 137 and Thunderbird 137.

  • CVE-2024-21626Jan 31, 2024
    risk 0.00cvss epss 0.18

    runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the…