CWE-35— Path Traversal: '.../...//'
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.— MITRE CWE catalog
172 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-35page 4 of 4
- CVE-2026-1763MEDIUMCVSS 4.6EG 4.62026-02-10
Vulnerability in GE Vernova Enervista UR Setup on Windows.This issue affects Enervista: 8.6 and previous versions.
- CVE-2026-20034HIGHCVSS 8.8EG 8.82026-05-06
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-…
- CVE-2026-24315MEDIUMCVSS 4.2EG 4.22026-06-09
SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could compromise accounts by stealing user credentials. Successful exploitation requires a…
- CVE-2026-24464MEDIUMCVSS 6.8EG 6.82026-05-13
When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cross a security boundary and delete files.�…
- CVE-2026-25397HIGHCVSS 7.5EG 7.52026-03-25
Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal.This issue affects File Uploader for WooCommerce: from n/a through <= 1.0.4.
- CVE-2026-25705HIGHCVSS 8.4EG 8.42026-05-13
A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEn…
- CVE-2026-26124MEDIUMCVSS 6.7EG 6.72026-03-05
'.../...//' in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.
- CVE-2026-28265MEDIUMCVSS 4.4EG 4.42026-04-01
PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.
- CVE-2026-32415MEDIUMCVSS 5.0EG 5.02026-03-13
Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal.This issue affects Squeeze: from n/a through <= 1.7.7.
- CVE-2026-40128CRITICALCVSS 9.0EG 9.02026-06-09
SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Proce…
- CVE-2026-42274HIGHCVSS 7.8EG 7.82026-05-08
Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs rule matching on the raw (non-normalized) request path, while downstream components may normalize dot-segments…
- CVE-2026-42661HIGHCVSS 8.8EG 8.82026-06-15
Custom role Path Traversal in WP Customer Area <= 8.3.4 versions.
- CVE-2026-42930HIGHCVSS 8.7EG 8.72026-05-13
When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be able to bypass Appliance mode restrictions on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS)…
- CVE-2026-44933HIGHCVSS 7.8EG 7.82026-05-20
`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, it is a no-op, allowing the traversed pa…
- CVE-2026-45495HIGHCVSS 8.8EG 8.82026-05-18
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- CVE-2026-45661CRITICALCVSS 9.9EG 9.92026-05-29
Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that allows authenticated users to write arbitrary files to the filesystem during appli…
- CVE-2026-49112HIGHCVSS 7.5EG 7.52026-06-15
Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.
- CVE-2026-49779MEDIUMCVSS 6.5EG 6.52026-07-02
Customer Path Traversal in Tax Exempt for WooCommerce <= 1.9.3 versions.
- CVE-2026-52703CRITICALCVSS 9.6EG 9.62026-06-15
Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.
- CVE-2026-52707HIGHCVSS 8.1EG 8.12026-06-17
Unauthenticated Local File Inclusion in Kastell <= 2.0 versions.
- CVE-2026-6074CRITICALCVSS 9.8EG 9.82026-04-23
Intrado 911 Emergency Gateway (EGW) 5.x, 6.x, and 7.x contain a path traversal vulnerability in the download_debuglog_file.php endpoint used for Debug Logs downloads. An unauthenticated attacker can manipulate the name parameter to read ar…
- CVE-2026-7302CRITICALCVSS 9.1EG 9.12026-05-18
SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload fi…
Map vulnerabilities like CWE-35 to your infrastructure
EchelonGraph correlates every CVE — across CWE-35 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →