CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,116 vulnerabilities with CWE-22
CVE-2026-39861 CRITICAL
Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace
CVSS 10.0
CVE-2026-39378 MEDIUM
nbconvert 6.5-7.17.0 HTMLExporter Image Embedding - Arbitrary File Read
CVSS 6.5
CVE-2026-39377 MEDIUM
nbconvert 6.5-7.17.0 Cell Attachments - Arbitrary File Write
CVSS 6.5
CVE-2026-35570 HIGH
OpenClaude has Sandbox Bypass via Early-Exit Logic Flaw that Allows Path Traversal
CVSS 8.4
CVE-2026-5478 HIGH
Everest Forms <= 3.4.4 - Unauthenticated Arbitrary File Read and Deletion via Upload Field 'old_files' Parameter
CVSS 8.1
CVE-2026-6248 HIGH
wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Custom Profile Field File Path
CVSS 8.1
CVE-2026-25525 MEDIUM
OpenMage LTS has Path Traversal Filter Bypass in Dataflow Module
CVSS 4.9
CVE-2026-41245 MEDIUM
Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix
CVSS 5.9
CVE-2026-6636 MEDIUM
p2r3 convert API buildCache.js Bun.serve path traversal
CVSS 4.3
CVE-2026-6620 MEDIUM
SonicCloudOrg sonic-server File Upload Endpoint FileTool.java upload path traversal
CVSS 6.3
CVE-2026-6615 HIGH
TransformerOptimus SuperAGI Multipart Upload resources.py upload path traversal
CVSS 7.3
CVE-2026-5966 HIGH
TeamT5|ThreatSonar Anti-Ransomware - Arbitrary File Deletion
CVSS 8.1
CVE-2026-6591 MEDIUM
ComfyUI LoadImage Node folder_paths.py folder_paths.get_annotated_filepath path traversal
CVSS 4.3
CVE-2026-6590 MEDIUM
ComfyUI Model Preview Endpoint model_manager.py get_model_preview path traversal
CVSS 4.3
CVE-2026-6568 HIGH
kodcloud KodExplorer Public Share share.class.php initShareOld path traversal
CVSS 7.3
CVE-2026-40491 MEDIUM
gdown Affected by Arbitrary File Write via Path Traversal in gdown.extractall
CVSS 6.5
CVE-2026-40258 CRITICAL
Gramps Web API has Zip Slip Path Traversal in Media Archive Import
CVSS 9.1
CVE-2026-40342 CRITICAL
Firebird: Path Traversal + Arbitrary File Write Leads to Remote Code Execution
CVSS 9.9
CVE-2026-5710 HIGH
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.6 - Unauthenticated Limited Arbitrary File Read via mfile Field
CVSS 7.5
CVE-2026-40518 HIGH
ByteDance DeerFlow Path Traversal and Arbitrary File Write via Bootstrap Mode
CVSS 7.1
CVE-2026-3464 HIGH
WP Customer Area <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Read/Deletion via ajax_attach_file
CVSS 8.8
CVE-2026-6496 MEDIUM
prasathmani TinyFileManager POST Parameter filemanager.php path traversal
CVSS 5.4
CVE-2026-6487 MEDIUM
Qihui jtbc5 CMS Code Endpoint manage.php path traversal
CVSS 4.3
CVE-2026-4659 HIGH
Unlimited Elements For Elementor <= 2.0.6 - Authenticated (Contributor+) Arbitrary File Read via Path Traversal in Repeater JSON/CSV URL with Path Traversal
CVSS 7.5
CVE-2026-35496 LOW
CubeCart < 6.6.0 - Authenticated Path Traversal
CVSS 2.7