CWE-23— Relative Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.— MITRE CWE catalog
429 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-23page 9 of 9
- CVE-2026-48569HIGHCVSS 7.1EG 7.12026-06-09
Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
- CVE-2026-48681HIGHCVSS 8.1EG 5.92026-06-04
OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image.
- CVE-2026-49290HIGHCVSS 7.6EG 7.62026-06-19
Slopsmith is a self-contained web application for browsing, playing, and practicing Rocksmith 2014 Custom DLC (CDLC). Prior to 0.2.9-alpha.5, a path-traversal vulnerability in Slopsmith's archive extractors allows an attacker to write arbi…
- CVE-2026-50016HIGHCVSS 8.8EG 8.82026-06-25
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm allows a transitive dependency alias from registry package metadata to contain path traversal segments. During install, pnpm later uses that alias as a filesystem path when linki…
- CVE-2026-50181HIGHCVSS 7.1EG 7.12026-07-02
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, Langroid's `ReadFileTool` and `WriteFileTool` appear to treat `curr_dir` as the intended working-directory boundary for file operation…
- CVE-2026-52813CRITICALCVSS 10.0EG 10.02026-06-23
Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization names containing path traversal sequences (../) are accepted by Gogs, and repositories under them are written to paths following these path traversals. This allo…
- CVE-2026-54066HIGHCVSS 7.5EG 7.52026-06-24
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the patch for CVE-2026-41894 ("Path Traversal via Double URL Encoding") sanitized the /export/ route but the identical root cause remains in the /assets/*path r…
- CVE-2026-5422HIGHCVSS 8.1EG 6.82026-06-02
A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_server/services/contents/fileio.py. The check uses startswith(root) with…
- CVE-2026-55474MEDIUMCVSS 6.5EG 6.52026-07-10
Snipe-IT is an IT asset/license management system. Prior to 8.5.0, ActionlogController::displaySig concatenates the route filename parameter into a private upload-directory path without sanitization, allowing an authenticated attacker to t…
- CVE-2026-57871HIGHCVSS 7.1EG 7.12026-07-07
Relative path traversal vulnerability in MicroRealEstate file upload functionality allows attackers to potentially overwrite system files. This issue affects MicroRealEstate: through 1.0.0-alpha3.
- CVE-2026-57988HIGHCVSS 7.1EG 7.12026-07-03
Relative path traversal in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
- CVE-2026-58522MEDIUMCVSS 6.8EG 6.82026-07-03
Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.
- CVE-2026-59149MEDIUMCVSS 6.5EG 6.52026-07-09
Mockoon provides way to design and run mock APIs. Prior to 9.7.0, a FILE response whose filePath embeds request data is confined by getSafeFilePath in packages/commons-server/src/libs/server/server.ts with resolvedPath.startsWith(staticBas…
- CVE-2026-5966HIGHCVSS 8.1EG 8.12026-04-20
ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system.
- CVE-2026-59792CRITICALCVSS 9.8EG 9.62026-07-10
In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID handling was possible
- CVE-2026-59832HIGHCVSS 7.7EG 7.72026-07-09
SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /snippets/*filepath route handler serveSnippets in kernel/server/serve.go joins a single-decoded request path with the snippets directory without subpath co…
- CVE-2026-59995MEDIUMCVSS 5.4EG 4.22026-07-08
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server.
- CVE-2026-59996MEDIUMCVSS 5.4EG 4.22026-07-08
scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations.
- CVE-2026-61343HIGHCVSS 7.2EG 7.22026-07-09
LibreBooking's email template editor save action passes the submitted template name directly into the destination file path, allowing a remote attacker with administrator credentials to write an arbitrary file outside the template director…
- CVE-2026-7404HIGHCVSS 7.3EG 7.32026-04-29
A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function delete_shared_prompt of the file src/mcpo_simple_server/services/prompt_manager/base_manager.py. This manipulation of the argument det…
- CVE-2026-8023HIGHCVSS 7.5EG 7.52026-06-29
Zephyr's HTTP server (subsys/net/lib/http) provides a static-filesystem resource type (HTTP_RESOURCE_TYPE_STATIC_FS, available when CONFIG_FILE_SYSTEM is enabled) that serves files from a configured root directory. Before this fix, both th…
- CVE-2026-8073HIGHCVSS 7.5EG 7.52026-05-19
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all vers…
- CVE-2026-8100HIGHCVSS 8.6EG 8.62026-06-18
Impact A security issue has been identified in Chef 360 that could allow unauthorized access to protected API endpoints under specific conditions. This issue is due to improper handling of URL-encoded paths during request processing. In …
- CVE-2026-8134HIGHCVSS 7.2EG 7.22026-05-21
Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue administrator with composer form editing …
- CVE-2026-8209MEDIUMCVSS 6.9EG 6.92026-05-09
Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of web application PHP files, failed .zip extraction results in deletion of the file and a DOS condition. Successful e…
- CVE-2026-8326CRITICALCVSS 10.0EG 10.02026-05-29
Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Dependi…
- CVE-2026-8361HIGHCVSS 7.5EG 7.52026-05-27
A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path starting with /woshome
- CVE-2026-8387LOWCVSS 2.4EG 2.42026-07-01
A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting `.zip` archives using the `ZipFile.extractall()` method in `StorageManager._extract_to_cache()`. This issue arises …
- CVE-2026-8650HIGHCVSS 7.5EG 4.52026-07-08
Relative path traversal vulnerability in Progress MOVEit Transfer (Admin Settings module). This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.
Map vulnerabilities like CWE-23 to your infrastructure
EchelonGraph correlates every CVE — across CWE-23 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →