CWE-73— External Control of File Name or Path
The product allows user input to control or influence paths or file names that are used in filesystem operations.— MITRE CWE catalog
467 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-73page 10 of 10
- CVE-2026-58192HIGHCVSS 8.6EG 8.62026-07-08
Appium is a cross-platform automation framework for all kinds of apps, built on top of the W3C WebDriver protocol. Prior to 1.1.6, the Appium storage plugin exposes POST /storage/delete, whose handler passes the user-supplied name value di…
- CVE-2026-5821HIGHCVSS 8.1EG 8.12026-07-02
The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the Image_Backup::remove() function where backup file paths stored in p…
- CVE-2026-58293HIGHCVSS 8.1EG 8.12026-07-03
External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
- CVE-2026-59194HIGHCVSS 7.1EG 7.12026-07-06
pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted patch entry could resolve outside the configured patches directory and cause pnpm patch-remove to delete an arbitrary reachable file. This vulnerability is fixed in 10.34.4 …
- CVE-2026-59196HIGHCVSS 7.1EG 7.12026-07-06
pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted lockfile alias could be joined directly under a hoisted node_modules directory. Traversal aliases could escape that directory, while reserved aliases such as .bin or .pnpm c…
- CVE-2026-59793HIGHCVSS 8.8EG 8.82026-07-10
In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration
- CVE-2026-59807MEDIUMCVSS 6.8EG 6.82026-07-08
Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to read and exfiltrate sensitive files by exploiting a missing assertSafeFileUploadPath check in the readFileFromDisk function within…
- CVE-2026-59819LOWCVSS 2.1EG 2.12026-07-08
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.10-stable, LiteLLM's /health/test_connection endpoint resolved request-supplied environment and OIDC file references in litellm_params, all…
- CVE-2026-6070CRITICALCVSS 9.1EG 9.12026-07-01
The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Deletion in versions up to and including 4.0.1. This is due to insufficient path validation in the remove() method of the JBusinessDirectoryContr…
- CVE-2026-6101HIGHCVSS 7.5EG 7.52026-07-07
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwp_save_local_font() function combined wi…
- CVE-2026-7633MEDIUMCVSS 6.5EG 6.52026-05-02
A vulnerability was identified in Totolink N300RH 6.1c.1353_B20190305. This impacts the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument FileName leads to file inclusion. The attack may be perfo…
- CVE-2026-8043CRITICALCVSS 9.6EG 9.62026-05-12
External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible clie…
- CVE-2026-8095HIGHCVSS 8.1EG 8.12026-06-27
The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. This is due to a case-sensitive bypass of the wpfm_dir_path parameter sanitization in the wp…
- CVE-2026-8118MEDIUMCVSS 6.5EG 6.52026-06-19
The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through 1.7.1059. This is due to the wpr_get_csv_handle() helper (introduced in versio…
- CVE-2026-8450CRITICALCVSS 9.1EG 9.12026-05-27
HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subproce…
- CVE-2026-8921HIGHCVSS 8.5EG 8.52026-07-03
External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' secti…
- CVE-2026-9559CRITICALCVSS 9.9EG 9.92026-05-29
A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An…
Map vulnerabilities like CWE-73 to your infrastructure
EchelonGraph correlates every CVE — across CWE-73 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →