CWE-36— Absolute Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.— MITRE CWE catalog
127 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-36page 3 of 3
- CVE-2025-9258MEDIUMCVSS 6.5EG 6.52025-08-22
WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.
- CVE-2025-9259MEDIUMCVSS 6.5EG 6.52025-08-22
WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.
- CVE-2025-9516MEDIUMCVSS 4.9EG 4.92025-09-04
The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'custom_log' parameter. This makes it possible for authenticated attackers, with Administrator-level access and a…
- CVE-2025-9518HIGHCVSS 7.2EG 7.22025-09-04
The atec Debug plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation on the 'debug_path' parameter in all versions up to, and including, 1.2.22. This makes it possible for authenticated atta…
- CVE-2026-0846HIGHCVSS 7.5EG 7.52026-03-09
A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitiza…
- CVE-2026-10044HIGHCVSS 7.5EG 7.52026-05-28
Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/{filename} endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying…
- CVE-2026-10075MEDIUMCVSS 5.3EG 5.32026-05-29
DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability.
- CVE-2026-1018HIGHCVSS 7.5EG 7.52026-01-16
Police Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing Unauthenticated remote attacker to exploit Absolute Path Traversal to download arbitrary system files.
- CVE-2026-1020MEDIUMCVSS 5.3EG 5.32026-01-16
Police Statistics Database System developed by Gotac has a Absolute Path Traversal vulnerability, allowing unauthenticated remote attackers to enumerate the system file directory.
- CVE-2026-1330HIGHCVSS 7.5EG 7.52026-01-22
MeetingHub developed by HAMASTAR Technology has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.
- CVE-2026-15302MEDIUMCVSS 5.3EG 5.32026-07-10
The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.0.27 via the 'X-FILENAME' HTTP header. This makes it possible for unauthenticated attackers to upload and overwrite certain file…
- CVE-2026-20834MEDIUMCVSS 4.6EG 4.62026-01-13
Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack.
- CVE-2026-2753HIGHCVSS 7.5EG 7.52026-03-06
An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting reque…
- CVE-2026-32175MEDIUMCVSS 4.3EG 4.32026-05-12
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. …
- CVE-2026-32997HIGHCVSS 8.6EG 8.62026-05-28
A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on Linux-based Veeam Backup & Replication server.
- CVE-2026-34515HIGHCVSS 7.5EG 7.52026-04-01
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about a NTLMv2 remote path. This issue has been patched in version 3.13.…
- CVE-2026-35465HIGHCVSS 7.5EG 7.52026-04-18
SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, a compromised SecureDrop Server can achieve code execution on the C…
- CVE-2026-42315HIGHCVSS 8.1EG 8.12026-05-11
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the set_package_data() API function call inside the data object with key "_folder", there is no sanitization at all…
- CVE-2026-4373HIGHCVSS 7.5EG 7.52026-03-21
The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'Uploaded_File::set_from_array' method accepting user-supplied file paths fro…
- CVE-2026-44029MEDIUMCVSS 5.3EG 5.32026-05-05
An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.…
- CVE-2026-4782MEDIUMCVSS 6.5EG 6.52026-05-13
The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusion_get_svg_from_file' function with the 'custom_svg' parameter of the 'fusion_section_separator' shortcod…
- CVE-2026-49290HIGHCVSS 7.6EG 7.62026-06-19
Slopsmith is a self-contained web application for browsing, playing, and practicing Rocksmith 2014 Custom DLC (CDLC). Prior to 0.2.9-alpha.5, a path-traversal vulnerability in Slopsmith's archive extractors allows an attacker to write arbi…
- CVE-2026-53698MEDIUMCVSS 6.5EG 6.52026-06-10
Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set.
- CVE-2026-57211MEDIUMCVSS 6.5EG 6.52026-07-10
RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ management plugin static file handler rabbit_mgmt_wm_static can pass URL-encoded backslashes to erl_prim_loader:read_file_info before path val…
- CVE-2026-58300MEDIUMCVSS 6.2EG 6.22026-07-03
Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.
- CVE-2026-6418MEDIUMCVSS 4.6EG 4.92026-05-05
An issue was discovered in the Shared Account Synchronization component of PaperCut MF (version 25.0.4). The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper pa…
- CVE-2026-7217MEDIUMCVSS 5.3EG 5.32026-04-28
A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf of the file packages/mcp-office/src/index.ts of the component Docum…
Map vulnerabilities like CWE-36 to your infrastructure
EchelonGraph correlates every CVE — across CWE-36 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →