CWE-426— Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.— MITRE CWE catalog
554 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-426page 12 of 12
- CVE-2026-57919HIGHCVSS 7.8EG 7.82026-06-29
PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 creates a named pipe (\\.\pipe\PBackupVSS) with a DACL that grants GENERIC_READ and GENERIC_WRITE permissions to all authenticated users. A low-privileged local attacker c…
- CVE-2026-6421HIGHCVSS 7.0EG 7.02026-04-17
A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown part in the library msimg32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The attack is…
- CVE-2026-6901HIGHCVSS 7.7EG 7.72026-07-06
Untrusted Search Path vulnerability in B&R Industrial Automation GmbH APROL. This issue affects APROL: before R 4.4-01P5.
- CVE-2026-7309MEDIUMCVSS 4.3EG 4.32026-04-28
A flaw was found in the OpenShift Container Platform build system. A user with the `edit` ClusterRole can inject arbitrary environment variables, such as `LD_PRELOAD` or `http_proxy`, into `docker-build` containers through the `buildconfig…
Map vulnerabilities like CWE-426 to your infrastructure
EchelonGraph correlates every CVE — across CWE-426 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →