CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,091 vulnerabilities with CWE-22
CVE-2026-45171
HIGH
Idira Privileged Session Manager (PSM): Potential Code Execution due to an Incomplete Input Validation
CVE-2026-49982
HIGH
node-tmp 0.2.6 - Path Traversal via Non-String Template Values
CVSS 8.2
CVE-2026-44705
HIGH
tmp: Path Traversal via unsanitized prefix/postfix enables directory escape
CVSS 8.2
CVE-2026-53777
HIGH
Perry < 0.5.1159 Path Traversal via ArtifactReady WebSocket
CVSS 8.1
CVE-2026-11816
HIGH
Path Traversal in keras-team/keras
CVSS 8.1
CVE-2026-8464
HIGH
Path traversal in Neuron Soft Golem OEE MES
CVE-2026-40987
HIGH
Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization
CVSS 7.1
CVE-2026-52726
HIGH
Dulwich's submodule path traversal in porcelain.submodule_update / porcelain.clone(recurse_submodules=True) yields RCE via attacker-dropped .git/hooks payload
CVSS 7.5
CVE-2026-49219
MEDIUM
ImageMagick: Policy Bypass can read disallowed files
CVSS 5.5
CVE-2026-47712
LOW
Dulwich doesn't sanitize commit subjects in `porcelain.format_patch`
CVSS 3.3
CVE-2026-46703
CRITICAL
BoxLite < 0.9.0 OCI Image Handling - Arbitrary Host File Write
CVSS 9.6
CVE-2026-42305
HIGH
Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows
CVSS 8.8
CVE-2026-45380
LOW
bit7z: Path Traversal via Null Byte Injection from `gcount()` Off-by-One in `restoreSymlink()`
CVSS 3.6
CVE-2026-0270
MEDIUM
Cortex XSOAR: Path Traversal Vulnerability
CVE-2026-50567
HIGH
Fission: Zip Slip in pkg/utils/zip.go:Unarchive allows fetcher to write outside the destination directory
CVSS 7.7
CVE-2026-45569
HIGH
Roxy-WI: Path-traversal patch in commit d4d10006 is a no-op (tuple-membership bug)
CVSS 8.1
CVE-2026-45565
HIGH
Roxy-WI: EscapedString validator skips its '..' block when stripping (root cause for several path-traversal/RCE vectors)
CVSS 8.1
CVE-2026-45556
CRITICAL
Roxy-WI: Authenticated arbitrary file write on every managed load balancer (and downstream RCE) via WAF rule save `config_file_name`
CVSS 9.9
CVE-2026-52756
MEDIUM
Ghidra < 12.2 - Unauthenticated Path Traversal in Debugger ISF Server
CVSS 4.8
CVE-2026-52755
HIGH
Ghidra < 12.0.4 - Path Traversal via Zip Slip in Theme Import
CVSS 7.8
CVE-2026-52752
HIGH
Ghidra < 12.0.2 - Path Traversal in Extension Installer via ZIP Entry Names
CVSS 7.8
CVE-2026-49497
LOW
Ghidra < 12.1 - Path Traversal via .gnu_debuglink in DWARF External Debug File Resolution
CVSS 3.3
CVE-2026-24717
MEDIUM
QNAP Systems - QTS, QuTS Hero
CVSS 6.5
CVE-2026-46491
HIGH
SimpleSAMLphp casserver < 7.0.3 - CAS Ticket Path Traversal
CVSS 8.6
CVE-2026-44716
HIGH
Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator
CVSS 7.5
Details
Vulnerabilities: 9,091
Exploit Likelihood: High