CWE-41
Improper Resolution of Path Equivalence
Description
The product is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-3
CVEs mapped to this weakness (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-5816 | Hig | 0.52 | 8.0 | 0.00 | Apr 22, 2026 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain… | ||
| CVE-2025-43298 | Hig | 0.51 | 7.8 | 0.00 | Sep 15, 2025 | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges. | ||
| CVE-2025-0115 | Med | 0.44 | — | 0.00 | Mar 12, 2025 | A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. The attacker must have network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this… | ||
| CVE-2024-12217 | Med | 0.34 | 5.3 | 0.01 | Mar 20, 2025 | A vulnerability in the gradio-app/gradio repository, version git 67e4044, allows for path traversal on Windows OS. The implementation of the blocked_path functionality, which is intended to disallow users from reading certain files, is flawed. Specifically, while the application… | ||
| CVE-2024-45405 | Med | 0.32 | 6.0 | 0.00 | Sep 6, 2024 | `gix-path` is a crate of the `gitoxide` project (an implementation of `git` written in Rust) dealing paths and their conversions. Prior to version 0.10.11, `gix-path` runs `git` to find the path of a configuration file associated with the `git` installation, but improperly… | ||
| CVE-2026-34451 | Med | 0.28 | 5.4 | 0.00 | Mar 31, 2026 | Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local filesystem memory tool in the Anthropic TypeScript SDK validated model-supplied paths using a string prefix… | ||
| CVE-2026-34510 | Med | 0.27 | 5.3 | 0.00 | Apr 1, 2026 | OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file targets that are treated as local content,… | ||
| CVE-2026-50568 | Low | 0.16 | 3.6 | 0.00 | Jun 10, 2026 | Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated that a path stayed under a safe directory by calling… | ||
| CVE-2026-49401 | 0.00 | — | 0.00 | Jun 16, 2026 | ## Summary Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to `--deny-read`, `--deny-write`, `--deny-run`, or `--deny-ffi`. On macOS, that comparison was done at the raw-byte level while the APFS… | |||
| CVE-2024-6839 | 0.00 | — | 0.01 | Mar 20, 2025 | corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This… |
- risk 0.52cvss 8.0epss 0.00
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain…
- risk 0.51cvss 7.8epss 0.00
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges.
- risk 0.44cvss —epss 0.00
A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. The attacker must have network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this…
- risk 0.34cvss 5.3epss 0.01
A vulnerability in the gradio-app/gradio repository, version git 67e4044, allows for path traversal on Windows OS. The implementation of the blocked_path functionality, which is intended to disallow users from reading certain files, is flawed. Specifically, while the application…
- risk 0.32cvss 6.0epss 0.00
`gix-path` is a crate of the `gitoxide` project (an implementation of `git` written in Rust) dealing paths and their conversions. Prior to version 0.10.11, `gix-path` runs `git` to find the path of a configuration file associated with the `git` installation, but improperly…
- risk 0.28cvss 5.4epss 0.00
Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local filesystem memory tool in the Anthropic TypeScript SDK validated model-supplied paths using a string prefix…
- risk 0.27cvss 5.3epss 0.00
OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file targets that are treated as local content,…
- risk 0.16cvss 3.6epss 0.00
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated that a path stayed under a safe directory by calling…
- CVE-2026-49401Jun 16, 2026risk 0.00cvss —epss 0.00
## Summary Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to `--deny-read`, `--deny-write`, `--deny-run`, or `--deny-ffi`. On macOS, that comparison was done at the raw-byte level while the APFS…
- CVE-2024-6839Mar 20, 2025risk 0.00cvss —epss 0.01
corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This…