CWE-23— Relative Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.— MITRE CWE catalog
429 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-23page 8 of 9
- CVE-2025-66626HIGHCVSS 7.5EG 8.12025-12-09
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions 3.6.13 and below and versions 3.7.0 through 3.7.4, contain unsafe untar code that handles symbolic links in archives.…
- CVE-2025-66737MEDIUMCVSS 4.3EG 6.52025-12-26
Yealink T21P_E2 Phone 52.84.0.15 is vulnerable to Directory Traversal. A remote normal privileged attacker can read arbitrary files via a crafted request result read function of the diagnostic component.
- CVE-2025-67366HIGHCVSS 7.5EG 7.52026-01-07
@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading functionality. Version 0.5.8 of filesystem-mcp contains a critical path traversal vulnerability in its "read_content" tool. This vulnerability arises from…
- CVE-2025-68472HIGHCVSS 8.1EG 8.12026-01-12
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move th…
- CVE-2025-7146HIGHCVSS 7.5EG 7.52025-07-08
The iPublish System developed by Jhenggao has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to read arbitrary system file.
- CVE-2025-7619HIGHCVSS 8.8EG 8.82025-07-14
BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running, remote attackers can write arbitrary files to any path…
- CVE-2025-8464MEDIUMCVSS 5.3EG 5.32025-08-16
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.3.9.0 via the wpcf7_guest_user_id cookie. This makes it possible for unauthenticate…
- CVE-2025-9570MEDIUMCVSS 4.9EG 4.92025-09-01
The eHRD CTMS developed by Sunnet has an Arbitrary File Reading vulnerability, allowing remote attackers with administrator privileges to exploit Relative Path Traversal to download arbitrary system files.
- CVE-2025-9639HIGHCVSS 7.5EG 7.52025-08-29
The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
- CVE-2026-10073HIGHCVSS 7.5EG 7.52026-05-29
DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated local attackers to exploit Relative Path Traversal to download arbitrary system files.
- CVE-2026-10074MEDIUMCVSS 4.9EG 4.92026-05-29
DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing privileged local attackers to exploit Relative Path Traversal to download arbitrary system files.
- CVE-2026-1022HIGHCVSS 7.5EG 7.52026-01-16
Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
- CVE-2026-10720MEDIUMCVSS 5.1EG 5.12026-06-19
Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate (such as enrolled cluster members) or join token can manipulate…
- CVE-2026-14476HIGHCVSS 8.0EG 8.02026-07-07
A path traversal flaw was found in SSSD's AD GPO provider. The ad_gpo_extract_smb_components() function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files …
- CVE-2026-1762LOWCVSS 2.9EG 2.92026-02-10
A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions.
- CVE-2026-20078MEDIUMCVSS 6.5EG 6.52026-04-15
Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative creden…
- CVE-2026-20081MEDIUMCVSS 6.5EG 6.52026-04-15
Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative creden…
- CVE-2026-22070HIGHCVSS 7.1EG 7.12026-04-30
ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal.
- CVE-2026-23734CRITICALCVSS 9.3EG 9.32026-05-20
XWiki Platform is a generic wiki platform. Versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17 allow access to read configuration files by using URLs such as http://localhost:8080/bin/ssx/Main/WebHome?resource=/../../WEB-INF/xwiki…
- CVE-2026-23888MEDIUMCVSS 6.5EG 6.52026-01-26
pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's binary fetcher allows malicious packages to write files outside the intended extraction directory. The vulnerability has two attack vectors: (1) …
- CVE-2026-23890MEDIUMCVSS 6.5EG 6.52026-01-26
pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of `node_modules/.bin`. Bin names starting with `@` bypa…
- CVE-2026-24909MEDIUMCVSS 5.9EG 5.92026-01-27
vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction.
- CVE-2026-25057CRITICALCVSS 9.1EG 9.12026-02-09
MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration (courses/<:course_id>/assignments/upload_co…
- CVE-2026-25121HIGHCVSS 7.5EG 7.52026-02-04
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, a path traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a ma…
- CVE-2026-25575HIGHCVSS 7.5EG 7.52026-02-04
NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, there is a path traversal vulnerability in the propose_edits endpoint allows unauthenticated users to overwrite files in directories w…
- CVE-2026-25707HIGHCVSS 8.8EG 8.82026-06-29
A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escal…
- CVE-2026-25951HIGHCVSS 7.2EG 7.22026-02-09
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.11, there is a flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protect…
- CVE-2026-27489HIGHCVSS 7.5EG 7.52026-04-01
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows to read arbitrary files outside model or user-provided directory. Thi…
- CVE-2026-2818HIGHCVSS 8.2EG 8.22026-02-20
A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only.
- CVE-2026-29201HIGHCVSS 8.6EG 4.32026-05-08
Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file read when a relative file path is passed.
- CVE-2026-30345HIGHCVSS 7.5EG 7.52026-03-18
A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import.
- CVE-2026-31927MEDIUMCVSS 4.9EG 4.92026-04-17
Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized SSH access when combined with debug‑setting changes.
- CVE-2026-33435HIGHCVSS 8.0EG 8.02026-04-15
Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in…
- CVE-2026-33733HIGHCVSS 7.2EG 7.22026-04-22
EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled `name` and `scope` values and pass them into template path construction with…
- CVE-2026-34026HIGHCVSS 7.1EG 7.12026-06-15
Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path usin…
- CVE-2026-34926MEDIUMCVSS 6.7EG 9.0⚠ KEV2026-05-21
A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vuln…
- CVE-2026-39814MEDIUMCVSS 6.7EG 6.72026-04-14
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow attacker to execute unau…
- CVE-2026-41046HIGHCVSS 7.3EG 7.32026-06-22
A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root.
- CVE-2026-41551CRITICALCVSS 9.1EG 9.12026-05-12
A vulnerability has been identified in ROS# (All versions < V2.2.2). Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote attacker to access arbitrary files on th…
- CVE-2026-41612MEDIUMCVSS 5.5EG 5.52026-05-12
Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.
- CVE-2026-41948CRITICALCVSS 9.4EG 7.72026-05-18
Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can …
- CVE-2026-42085MEDIUMCVSS 4.3EG 4.32026-05-04
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the save_tool_config() function that al…
- CVE-2026-43533HIGHCVSS 8.6EG 8.62026-05-05
OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containin…
- CVE-2026-43616HIGHCVSS 7.1EG 7.12026-05-04
Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can …
- CVE-2026-4415HIGHCVSS 8.1EG 8.12026-03-30
Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, le…
- CVE-2026-44941HIGHCVSS 8.8EG 8.42026-07-02
A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root.
- CVE-2026-44948MEDIUMCVSS 5.3EG 5.32026-06-30
A path traversal vulnerability was found in Fleet's ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3 could be used to traverse outside of the intended directory, c…
- CVE-2026-45188LOWCVSS 2.4EG 2.42026-06-25
Relative Path Traversal vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue.
- CVE-2026-47287MEDIUMCVSS 6.5EG 6.52026-06-09
Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network.
- CVE-2026-48126HIGHCVSS 8.2EG 8.22026-05-26
Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain (or --letsencrypt, which silently turns on --domain at engine/flags.go:372), the request handler resolves the served directory b…
Map vulnerabilities like CWE-23 to your infrastructure
EchelonGraph correlates every CVE — across CWE-23 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →