CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,092 vulnerabilities with CWE-22
CVE-2026-42213 [MEDIUM] SolidCAM-GPPL-IDE: Path traversal in `inc` directive enables file probing and NTLM-hash leak
CVE-2026-7807 [HIGH, CVSS 8.1] SmarterTools SmarterMail < Build 9560 Server Local File Inclusion via the /api/v1/report/summary/{type} API
CVE-2026-42028 [MEDIUM, CVSS 5.3] novaGallery: Unauthenticated Path Traversal in Album and Cached Image Routes Allows Reading Images Outside Gallery Root
CVE-2026-41887 [MEDIUM, CVSS 4.9] Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)
CVE-2026-38360 [CRITICAL, CVSS 9.8] dash-uploader 0.1.0-0.7.0a2 - Path Traversal
CVE-2026-42353 [HIGH, CVSS 8.2] Path traversal / SSRF in i18next-http-middleware via user-controlled language and namespace parameters
CVE-2026-41885 [MEDIUM, CVSS 6.5] Path traversal / URL injection via unsanitised lng/ns/projectId/version in i18next-locize-backend
CVE-2026-41693 [HIGH, CVSS 8.2] i18next-fs-backend: Path traversal via unsanitised lng/ns allows arbitrary file read/overwrite
CVE-2026-41690 [HIGH, CVSS 8.6] Prototype pollution and path traversal in i18next-http-middleware via user-controlled language and namespace parameters
CVE-2026-44340 [HIGH, CVSS 7.5] PraisonAI: Symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir`
CVE-2026-44336 [CRITICAL, CVSS 9.6] PraisonAI MCP `tools/call` path-traversal and RCE via Python `.pth` injection
CVE-2026-41493 [HIGH, CVSS 7.5] yard: Possible arbitrary path traversal and file access via yard server
CVE-2026-41491 [HIGH, CVSS 8.1] Dapr: Service Invocation path traversal ACL bypass
CVE-2026-8069 [HIGH] PredatorSense V3: Local Privilege Escalation (LPE) vulnerability
CVE-2026-44298 [MEDIUM, CVSS 4.1] Kimai: Arbitrary file read in invoice PDF renderer (admin)
CVE-2026-43940 [HIGH, CVSS 8.4] electerm: Path traversal in electerm runWidget leads to arbitrary code execution
CVE-2026-42275 [HIGH, CVSS 8.7] zrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/write
CVE-2026-8116 [MEDIUM, CVSS 6.3] huangjunsen0406 xiaozhi-mcphub dxtController.ts path traversal
CVE-2026-8115 [MEDIUM, CVSS 5.3] gyoridavid short-video-maker REST API rest.ts path traversal
CVE-2026-8113 [MEDIUM, CVSS 4.3] 8421bit MiniClaw executeSkillScript kernel.ts isPathInside path traversal
CVE-2026-41691 [MEDIUM, CVSS 6.5] i18next-http-backend has Path Traversal & URL Injection via Unsanitised lng/ns
CVE-2026-44243 [HIGH, CVSS 7.1] GitPython: Path traversal in GitPython reference APIs allows arbitrary file write and delete outside the repository
CVE-2026-41589 [CRITICAL, CVSS 9.6] Wish has SCP Path Traversal that allows arbitrary file read/write
CVE-2026-7252 [HIGH, CVSS 8.1] WP-Optimize <= 4.5.2 - Authenticated (Author+) Arbitrary File Deletion via 'original-file' Post Meta
CVE-2026-41656 [MEDIUM, CVSS 4.5] Admidio: Path Traversal via Unvalidated `name` Parameter in Document Add Mode Enables Arbitrary Server File Read