CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,092 vulnerabilities with CWE-22
CVE ID | Severity | CVSS | Title
CVE-2026-41655 | MEDIUM | 6.5 | Admidio: Path Traversal in ECard Preview Allows Reading Arbitrary Server Files Including Database Credentials
CVE-2026-41203 | CRITICAL | not listed | ci4ms < 0.31.5.0 Theme Upload - Zip Slip Remote Code Execution
CVE-2026-41202 | CRITICAL | not listed | ci4ms < 0.31.5.0 Backup Restore - Zip Slip Remote Code Execution
CVE-2026-40982 | CRITICAL | 9.1 | Spring Cloud Config - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-40076 | HIGH | 8.8 | OpenMRS Core arbitrary file write and code execution via Zip Slip in module upload
CVE-2026-7875 | HIGH | 8.8 | NanoClaw Host/Container Filesystem Boundary Vulnerability via Outbound Attachment Handling
CVE-2026-43975 | MEDIUM | 6.5 | Apache Wicket: Possible malicious path traversal in FolderUploadsFileManager
CVE-2026-6344 | MEDIUM | 4.9 | Fluent Forms <= 6.2.1 - Authenticated (Administrator+) Arbitrary File Read via Path Traversal in Email Attachment
CVE-2026-35254 | MEDIUM | 6.1 | Oracle OCI CLI 3.77 - Unauthenticated Path Traversal via File Import
CVE-2026-40075 | HIGH | 7.5 | OpenMRS Core arbitrary file read via path traversal in ModuleResourcesServlet
CVE-2026-35397 | HIGH | 8.8 | jupyter-server path traversal allows access to sibling directories sharing root_dir name prefix
CVE-2026-7411 | CRITICAL | 10.0 | Eclipse BaSyx < 2.0.0-milestone-10 - Path Traversal & Arbitrary File Write via Submodel API
CVE-2026-6262 | MEDIUM | 6.5 | Betheme <= 28.4 - Authenticated (Contributor+) Arbitrary File Deletion via 'mfn-icon-upload'
CVE-2026-43870 | HIGH | 7.3 | Apache Thrift: Node.js web_server.js multi-vulnerability
CVE-2026-5192 | HIGH | 7.5 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.52.1 - Unauthenticated Arbitrary File Read via 'upload-1[file][file_path]'
CVE-2026-7811 | HIGH | 7.3 | 54yyyu code-mcp MCP File server.py is_safe_path path traversal
CVE-2026-7810 | HIGH | 7.3 | UsamaK98 python-notebook-mcp server.py add_cell path traversal
CVE-2026-5957 | MEDIUM | 6.5 | EmailKit <= 1.6.5 - Authenticated (Author+) Arbitrary File Read via 'emailkit-editor-template' REST Parameter
CVE-2026-1921 | MEDIUM | 4.9 | Loco Translate <= 2.8.2 - Authenticated (Translator+) Path Traversal to Limited File Read via 'ref' Parameter
CVE-2026-7788 | HIGH | 7.3 | Axle-Bucamp MCP-Docusaurus document.py get_content path traversal
CVE-2026-7784 | HIGH | 7.3 | RTGS2017 NagaAgent Skills Endpoint extensions.py path traversal
CVE-2026-6321 | HIGH | 7.5 | fast-uri vulnerable to path traversal via percent-encoded dot segments
CVE-2026-42080 | MEDIUM | 4.6 | PPTAgent: Arbitrary File Write via `save_generated_slides`
CVE-2026-42078 | MEDIUM | 4.6 | PPTAgent: Arbitrary File Write + Directory Creation via markdown_table_to_image
CVE-2026-42075 | HIGH | 8.1 | Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write