CWE-426
Untrusted Search Path
Description
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-38
CVEs mapped to this weakness (355)
Page 16 of 18

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-40909 | | Med | 0.31 | 5.9 | 0.00 | | May 30, 2025 | Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which… |
| CVE-2025-0733 | | Med | 0.29 | 4.5 | 0.00 | | Jan 27, 2025 | A vulnerability, which was classified as problematic, was found in Postman up to 11.20 on Windows. This affects an unknown part in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The complexity of an attack is… |
| CVE-2025-0732 | | Med | 0.29 | 4.5 | 0.00 | | Jan 27, 2025 | A vulnerability, which was classified as problematic, has been found in Discord up to 1.0.9177 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to untrusted search path. The attack needs to be approached locally.… |
| CVE-2024-13524 | | Med | 0.29 | 4.5 | 0.00 | | Jan 20, 2025 | A vulnerability has been found in obsproject OBS Studio up to 30.0.2 on Windows and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to untrusted search path. The attack needs to be approached locally. The complexity… |
| CVE-2025-0567 | | Med | 0.29 | 4.5 | 0.00 | | Jan 19, 2025 | A vulnerability classified as problematic was found in Epic Games Launcher up to 17.2.1. This vulnerability affects unknown code in the library profapi.dll of the component Installer. The manipulation leads to untrusted search path. Attacking locally is a requirement. The… |
| CVE-2026-7309 | | Med | 0.28 | 4.3 | 0.00 | | Apr 28, 2026 | A flaw was found in the OpenShift Container Platform build system. A user with the `edit` ClusterRole can inject arbitrary environment variables, such as `LD_PRELOAD` or `http_proxy`, into `docker-build` containers through the `buildconfigs/instantiate` API. This incomplete fix… |
| CVE-2026-54055 | | Med | 0.26 | 5.0 | 0.00 | | Jun 12, 2026 | Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU… |
| CVE-2026-40947 | | Low | 0.19 | 2.9 | 0.00 | | Apr 16, 2026 | Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path. |
| CVE-2017-1144 | | Low | 0.16 | 2.5 | 0.00 | | Jul 5, 2017 | IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033. |
| CVE-2024-3220 | | Low | 0.15 | — | 0.00 | | Feb 14, 2025 | There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be… |
| CVE-2015-0096 | | | 0.09 | — | 0.71 | | Mar 11, 2015 | Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan… |
| CVE-2015-6305 | | | 0.03 | — | 0.01 | | Sep 26, 2015 | Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, as… |
| CVE-2014-0315 | | | 0.01 | — | 0.15 | | Apr 8, 2014 | Untrusted search path vulnerability in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain… |
| CVE-2011-2019 | | | 0.01 | — | 0.13 | | Dec 14, 2011 | Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an… |
| CVE-2026-45792 | | | 0.00 | — | 0.00 | | May 20, 2026 | RTK (Rust Token Killer) improperly trusts project-local configuration files. In versions prior to 0.32.0, RTK automatically loads `.rtk/filters.toml` from the working directory with highest priority and without user notification. An attacker can place a malicious filter file in… |
| CVE-2026-32032 | | | 0.00 | — | 0.00 | | Mar 19, 2026 | OpenClaw versions prior to 2026.2.22 contain an arbitrary shell execution vulnerability in shell environment fallback that trusts the unvalidated SHELL path from the host environment. An attacker with local environment access can inject a malicious SHELL variable to execute… |
| CVE-2026-32016 | | | 0.00 | — | 0.00 | | Mar 19, 2026 | OpenClaw versions prior to 2026.2.22 on macOS contain a path validation bypass vulnerability in the exec-approval allowlist mode that allows local attackers to execute unauthorized binaries by exploiting basename-only allowlist entries. Attackers can execute same-name local… |
| CVE-2026-32015 | | | 0.00 | — | 0.00 | | Mar 19, 2026 | OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a path hijacking vulnerability in tools.exec.safeBins that allows attackers to bypass allowlist checks by controlling process PATH resolution. Attackers who can influence the gateway process PATH or launch environment can… |
| CVE-2026-32009 | | | 0.00 | — | 0.00 | | Mar 19, 2026 | OpenClaw versions prior to 2026.2.24 contain a policy bypass vulnerability in the safeBins allowlist evaluation that trusts static default directories including writable package-manager paths like /opt/homebrew/bin and /usr/local/bin. An attacker with write access to these… |
| CVE-2026-31997 | | | 0.00 | — | 0.00 | | Mar 19, 2026 | OpenClaw versions prior to 2026.3.1 fail to pin executable identity for non-path-like argv[0] tokens in system.run approvals, allowing post-approval executable rebind attacks. Attackers can modify PATH resolution after approval to execute a different binary than the operator… |