CWE-73— External Control of File Name or Path
The product allows user input to control or influence paths or file names that are used in filesystem operations.— MITRE CWE catalog
467 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-73page 8 of 10
- CVE-2026-21249LOWCVSS 3.3EG 3.32026-02-10
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally.
- CVE-2026-22783CRITICALCVSS 9.6EG 9.62026-01-12
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the file_local_…
- CVE-2026-2351MEDIUMCVSS 6.5EG 6.52026-03-21
The Task Manager plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.0.2 via the callback_get_text_from_url() function. This makes it possible for authenticated attackers, with Subscriber-level…
- CVE-2026-23529HIGHCVSS 7.7EG 7.72026-01-16
Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink …
- CVE-2026-23835MEDIUMCVSS 5.7EG 5.72026-01-30
LobeHub is an open source human-and-AI-agent network. Prior to version 1.143.3, the file upload feature in `Knowledge Base > File Upload` does not validate the integrity of the upload request, allowing users to intercept and modify the req…
- CVE-2026-23898HIGHCVSS 7.2EG 7.22026-04-01
Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism.
- CVE-2026-24287HIGHCVSS 7.8EG 7.82026-03-10
External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally.
- CVE-2026-24708HIGHCVSS 8.2EG 8.22026-02-18
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to …
- CVE-2026-25628HIGHCVSS 8.5EG 8.52026-02-06
Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via /logger endpoint using an attacker-controlled on_disk.log_file path. Minimal privileges are requi…
- CVE-2026-25636HIGHCVSS 8.2EG 8.22026-02-06
calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre re…
- CVE-2026-25964MEDIUMCVSS 4.9EG 4.92026-02-13
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the RecipeImport workflow of Tandoor Recipes allows authenticated users with import perm…
- CVE-2026-2604MEDIUMCVSS 5.6EG 5.62026-06-17
A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored w…
- CVE-2026-26157HIGHCVSS 7.0EG 7.02026-02-11
A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended direct…
- CVE-2026-26158HIGHCVSS 7.0EG 7.02026-02-11
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is e…
- CVE-2026-29611HIGHCVSS 7.5EG 7.52026-03-05
OpenClaw versions prior to 2026.2.14 contain a local file inclusion vulnerability in BlueBubbles extension (must be installed and enabled) media path handling that allows attackers to read arbitrary files from the local filesystem. The sen…
- CVE-2026-29962HIGHCVSS 7.5EG 7.52026-05-18
HSC MailInspector v5.3.3-7 contains a Local File Inclusion (LFI) vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file …
- CVE-2026-30276CRITICALCVSS 9.8EG 9.82026-03-31
An arbitrary file overwrite vulnerability in DeftPDF Document Translator v54.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
- CVE-2026-30281CRITICALCVSS 9.8EG 9.82026-03-31
An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
- CVE-2026-30282CRITICALCVSS 9.0EG 9.02026-03-31
An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure.
- CVE-2026-30284HIGHCVSS 8.6EG 8.62026-03-31
An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorder v10.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
- CVE-2026-30287HIGHCVSS 8.4EG 8.42026-04-01
An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1.4.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information expos…
- CVE-2026-30289HIGHCVSS 8.4EG 8.42026-04-01
An arbitrary file overwrite vulnerability in Tinybeans Private Family Album App v5.9.5-prod allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
- CVE-2026-30291HIGHCVSS 8.4EG 8.42026-04-01
An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4.3.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
- CVE-2026-30292HIGHCVSS 8.4EG 8.42026-04-01
An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer APP v1.0.34 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
- CVE-2026-30893CRITICALCVSS 9.0EG 9.02026-04-29
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction routine allows an authe…
- CVE-2026-30903CRITICALCVSS 9.6EG 9.62026-03-11
External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access.
- CVE-2026-30905HIGHCVSS 7.8EG 7.82026-05-13
External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access.
- CVE-2026-31939HIGHCVSS 8.3EG 8.32026-04-10
Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exercise/savescores.php leading to arbitrary file feletion. User input from $_REQUEST['test'] is concatenated directly into filesystem path wi…
- CVE-2026-32204HIGHCVSS 7.8EG 7.82026-05-12
External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
- CVE-2026-33949HIGHCVSS 8.1EG 8.12026-04-01
Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manip…
- CVE-2026-34030MEDIUMCVSS 6.9EG 6.92026-06-15
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path…
- CVE-2026-34522HIGHCVSS 8.1EG 8.12026-04-02
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability …
- CVE-2026-34783HIGHCVSS 8.1EG 8.12026-04-06
Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of t…
- CVE-2026-35032HIGHCVSS 8.1EG 8.12026-04-14
Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint (POST /LiveTv/TunerHosts), where the tuner URL is not validated, allowing local file read via non…
- CVE-2026-35076HIGHCVSS 8.1EG 8.12026-06-03
The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
- CVE-2026-35077HIGHCVSS 8.1EG 8.12026-06-03
The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
- CVE-2026-35078HIGHCVSS 8.1EG 8.12026-06-03
The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
- CVE-2026-35079HIGHCVSS 8.1EG 8.12026-06-03
The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
- CVE-2026-35080HIGHCVSS 8.1EG 8.12026-06-03
The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
- CVE-2026-35174CRITICALCVSS 9.1EG 9.12026-04-06
Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to …
- CVE-2026-35465HIGHCVSS 7.5EG 7.52026-04-18
SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, a compromised SecureDrop Server can achieve code execution on the C…
- CVE-2026-35593MEDIUMCVSS 6.8EG 6.82026-05-20
Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, allowing an authenticated attacker to read…
- CVE-2026-3602MEDIUMCVSS 5.5EG 4.72026-06-30
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accident…
- CVE-2026-3892HIGHCVSS 8.1EG 8.12026-05-14
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer l…
- CVE-2026-39006CRITICALCVSS 9.8EG 9.82026-06-15
An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component.
- CVE-2026-39377MEDIUMCVSS 6.5EG 6.52026-04-21
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing note…
- CVE-2026-39378MEDIUMCVSS 6.5EG 6.52026-04-21
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when `HTMLExporter.embed_images=True`, nbconvert's markdown renderer allows arbitrary file read…
- CVE-2026-39907CRITICALCVSS 10.0EG 10.02026-04-14
Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated WCF SOAP endpoint on TCP port 1208 that accepts unsanitized file paths in the ReadLicense action's LFName parameter, allowing remote attacke…
- CVE-2026-40086MEDIUMCVSS 5.3EG 5.32026-04-10
Rembg is a tool to remove images background. Prior to 2.0.75, a path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted reques…
- CVE-2026-40342CRITICALCVSS 9.9EG 9.92026-04-17
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separa…
Map vulnerabilities like CWE-73 to your infrastructure
EchelonGraph correlates every CVE — across CWE-73 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →