VYPR

CWE-41

Improper Resolution of Path Equivalence

Abstraction: Base | Status: Incomplete

Description

The product is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object.

Path equivalence is usually employed in order to circumvent access controls expressed using an incomplete set of file name or file path representations. This is different from path traversal, wherein the manipulations are performed to generate a name for a different object.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-3

CVEs mapped to this weakness (10)

  • CVE-2026-5816 (High) Apr 22, 2026
    risk 0.52 | CVSS 8.0 | EPSS 0.00

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain…

  • CVE-2025-43298 (High) Sep 15, 2025
    risk 0.51 | CVSS 7.8 | EPSS 0.00

    A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges.

  • CVE-2025-0115 (Medium) Mar 12, 2025
    risk 0.44 | CVSS n/a | EPSS 0.00

    A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. The attacker must have network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this…

  • CVE-2024-12217 (Medium) Mar 20, 2025
    risk 0.34 | CVSS 5.3 | EPSS 0.01

    A vulnerability in the gradio-app/gradio repository, version git 67e4044, allows for path traversal on Windows OS. The implementation of the blocked_path functionality, which is intended to disallow users from reading certain files, is flawed. Specifically, while the application…

  • CVE-2024-45405 (Medium) Sep 6, 2024
    risk 0.32 | CVSS 6.0 | EPSS 0.00

    `gix-path` is a crate of the `gitoxide` project (an implementation of `git` written in Rust) dealing with paths and their conversions. Prior to version 0.10.11, `gix-path` runs `git` to find the path of a configuration file associated with the `git` installation, but improperly…

  • CVE-2026-34451 (Medium) Mar 31, 2026
    risk 0.28 | CVSS 5.4 | EPSS 0.00

    Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local filesystem memory tool in the Anthropic TypeScript SDK validated model-supplied paths using a string prefix…

  • CVE-2026-34510 (Medium) Apr 1, 2026
    risk 0.27 | CVSS 5.3 | EPSS 0.00

    OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file targets that are treated as local content,…

  • CVE-2026-50568 (Low) Jun 10, 2026
    risk 0.16 | CVSS 3.6 | EPSS 0.00

    Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated that a path stayed under a safe directory by calling…

  • CVE-2026-49401 Jun 16, 2026
    risk 0.00 | CVSS n/a | EPSS 0.00

    Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to `--deny-read`, `--deny-write`, `--deny-run`, or `--deny-ffi`. On macOS, that comparison was done at the raw-byte level while the APFS…

  • CVE-2024-6839 Mar 20, 2025
    risk 0.00 | CVSS n/a | EPSS 0.01

    corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This…