Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

8,747 vulnerabilities with CWE-22

CVE-2026-7599 MEDIUM

Dayoooun hwpx-mcp MCP index.ts export_to_html path traversal

CVE-2026-7594 HIGH

Flux159 mcp-game-asset-gen MCP index.ts image_to_3d_async path traversal

CVE-2026-7589 MEDIUM

ghantakiran splunk-mcp-integration CSV Export csv_export.py create_csv_export path traversal

CVE-2026-7588 MEDIUM

ggerve coding-standards-mcp server.py get_best_practices path traversal

CVE-2026-7519 HIGH

Fujian Apex LiveBOS Endpoint UploadImage.do path traversal

CVE-2026-5656 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Wireshark

CVE-2026-3345 MEDIUM

Path Traversal and Arbitrary File Write Vulnerability in IBM Langflow Desktop API v2 File Upload Endpoint

CVE-2026-4502 MEDIUM

Arbitrary File Write and Remote Code Execution Vulnerability in Langflow v2 API

CVE-2026-7445 MEDIUM

ZachHandley ZMCPTools MCP Log Resource ResourceManager.ts path traversal

CVE-2026-7404 HIGH

getsimpletool mcpo-simple-server base_manager.py delete_shared_prompt path traversal

CVE-2026-7403 MEDIUM

geldata gel-mcp server.py fetch_rule path traversal

CVE-2026-7400 HIGH

geekgod382 filesystem-mcp-server read_file_tool/write_file_tool server.py is_path_allowed path traversal

CVE-2026-7398 HIGH

florensiawidjaja BioinfoMCP Upload Endpoint app.py upload path traversal

CVE-2026-30893 CRITICAL

Wazuh cluster sync path traversal in decompress_files() enables arbitrary file write and code execution from authenticated cluster peer

CVE-2026-7396 MEDIUM

NousResearch hermes-agent WeChat Work Platform Adapter wecom.py path traversal

CVE-2026-7386 HIGH

fatbobman mail-mcp-bridge mail_mcp_server.py path traversal

CVE-2026-5166 CRITICAL

Path Traversal in TUBITAK BILGEM's Pardus Software Center

CVE-2026-38993 MEDIUM

Cockpit <=2.13.5 - Path Traversal

CVE-2026-7384 HIGH

ezequiroga mcp-bases research_server.py search_papers path traversal

CVE-2026-42520 HIGH

Jenkins Project Jenkins Credentials Binding Plugin < 719.v80e905ef14eb_ - Remote Code Execution

CVE-2026-42249 HIGH

Remote Code Execution in Ollama via Update Mechanism

CVE-2026-7319 HIGH

elinsky execution-system-mcp add_action Tool server.py _get_context_file_path path traversal

CVE-2026-7318 MEDIUM

elie mcp-project research_server.py search_papers path traversal

CVE-2026-7315 HIGH

eiceblue spire-pdf-mcp-server PDF File server.py get_pdf_path path traversal

CVE-2026-7314 HIGH

eiceblue spire-doc-mcp-server base.py get_doc_path path traversal

Page 1 of 350 Next

Details

Vulnerabilities 8,747

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy