CWE-427— Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.— MITRE CWE catalog
1,124 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-427page 23 of 23
- CVE-2026-44682HIGHCVSS 7.3EG 7.32026-06-03
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.
- CVE-2026-45004HIGHCVSS 7.8EG 7.82026-05-11
OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads setup-api.js from process.cwd() during provider setup metadata resolution. Attackers can execute arbitrary JavaScr…
- CVE-2026-47092HIGHCVSS 7.8EG 7.82026-05-18
Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment variable. Attackers can set COMSPEC to an ar…
- CVE-2026-47274MEDIUMCVSS 6.3EG 6.32026-05-27
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pam_usb helper tools resolved external binaries through the PATH environment variable rather than using absolute paths. An attacker…
- CVE-2026-47937HIGHCVSS 7.7EG 7.42026-06-09
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. An attacker with high privil…
- CVE-2026-49241HIGHCVSS 8.8EG 8.82026-06-22
The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. Prior to 21.2.4, the client-side Angular Language Service VS Code extension reads the custom TypeScript SDK paths typescript.tsdk and …
- CVE-2026-50033HIGHCVSS 7.3EG 7.32026-06-03
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.
- CVE-2026-50100HIGHCVSS 7.8EG 7.82026-06-15
Multiple printer drivers provided by Ricoh Company, Ltd. and KONICA MINOLTA JAPAN, INC. contain a privilege escalation vulnerability. If this vulnerability is exploited, an attacker who can log in to a computer running an affected printer …
- CVE-2026-5055HIGHCVSS 7.8EG 7.82026-04-11
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to exe…
- CVE-2026-5064HIGHCVSS 8.5EG 8.52026-06-15
Potential security vulnerabilities have been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege and/or denial of service. HP is releasing software updates to mitigate t…
- CVE-2026-5271HIGHCVSS 7.8EG 7.82026-04-01
pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current working directory. As a result, if a user executes a pymanager-generated command (e.g., pip, pytest) from an attacke…
- CVE-2026-53813HIGHCVSS 7.8EG 7.82026-06-11
OpenClaw before 2026.4.25 contains a path traversal vulnerability in memory-core artifact loading where workspace state influences local package root resolution. Attackers with access to affected workspaces can load memory-core artifacts f…
- CVE-2026-5397HIGHCVSS 7.8EG 7.82026-04-15
It has been identified that a vulnerability (CWE-427) exists in the UPS (Uninterruptible Power Supply) management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then …
- CVE-2026-54232HIGHCVSS 8.8EG 8.82026-06-22
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package. The package is installed from a custom …
- CVE-2026-54672HIGHCVSS 7.8EG 7.82026-06-30
electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty path component when setting the LD_LIBRARY_PATH environment variable at runtime. This causes th…
- CVE-2026-56437HIGHCVSS 7.8EG 7.82026-07-08
Uncontrolled search path element issue exists in Pupsman versions prior to 3.9.0. If a crafted DLL file is placed in the same folder as the affected installer and the installer is executed, arbitrary code may be executed with SYSTEM privil…
- CVE-2026-57239HIGHCVSS 7.8EG 8.22026-07-08
The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM.
- CVE-2026-6421HIGHCVSS 7.0EG 7.02026-04-17
A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown part in the library msimg32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The attack is…
- CVE-2026-6645HIGHCVSS 7.3EG 7.32026-06-22
An insecure process execution vulnerability exists in the pc-printer-updater.exe component of the PaperCut Print Deploy Client for Windows. The application, which typically operates with high-level system privileges, attempts to perform an…
- CVE-2026-6788HIGHCVSS 7.8EG 7.82026-05-06
Uncontrolled Search Path Element vulnerability in WatchGuard Agent on Windows allows Using Malicious Files.This issue affects WatchGuard Agent before 1.25.03.0000.
- CVE-2026-7279HIGHCVSS 7.8EG 7.82026-04-28
AVACAST developed by eMPIA Technology, has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a malicious DLL in a specific directory, resulting in arbitrary code execution with system privileges when the system…
- CVE-2026-7373HIGHCVSS 8.5EG 8.52026-05-15
Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control of a Windows host. When started the metasploitPostgreSQL service would start the postgres.exe child process which wo…
- CVE-2026-7870HIGHCVSS 8.8EG 8.82026-06-11
IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.
- CVE-2026-8637HIGHCVSS 7.8EG 7.82026-06-10
A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authenticated user to execute arbitrary code with elevated privileges.
Map vulnerabilities like CWE-427 to your infrastructure
EchelonGraph correlates every CVE — across CWE-427 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →