Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

8,747 vulnerabilities with CWE-22

CVE-2026-41911 MEDIUM

OpenClaw < 2026.4.8 - Workspace-Only Filesystem Policy Bypass via docx upload_file/upload_image

CVE-2026-41383 HIGH

OpenClaw < 2026.4.2 - Arbitrary Remote Directory Deletion via Mis-scoped Mirror Mode Paths

CVE-2026-7272 HIGH

WilliamCloudQi matlab-mcp-server MCP index.ts execute_matlab_code path traversal

CVE-2026-7271 MEDIUM

DV0x creative-ad-agent creative-ad-agent-server sdk-server.ts path traversal

CVE-2026-7237 HIGH

AgiFlow scaffold-mcp write-to-file Tool index.ts path traversal

CVE-2026-7235 MEDIUM

ErlichLiu claude-agent-sdk-master route.ts path traversal

CVE-2026-7234 HIGH

BrowserOperator browser-operator-core server.js startsWith path traversal

CVE-2026-7217 MEDIUM

Deepractice PromptX Document File index.ts read_pdf absolute path traversal

CVE-2026-7216 HIGH

donchelo processing-claude-mcp-bridge create_sketch Tool processing_server.py path traversal

CVE-2026-7214 HIGH

eghuzefa engineer-your-data server.py file_inf path traversal

CVE-2026-7213 HIGH

ef10007 MLOps_MCP save_file Tool fastmcp_server.py path traversal

CVE-2026-7212 HIGH

edvardlindelof notes-mcp notes_mcp.py path traversal

CVE-2026-7205 HIGH

duartium papers-mcp-server main.py search_papers path traversal

CVE-2026-41370 MEDIUM

OpenClaw < 2026.3.31 - Path Traversal via Inbound Channel Attachment Path in ACP Dispatch

CVE-2026-41363 MEDIUM

OpenClaw 2026.2.6 < 2026.3.28 - Arbitrary File Read via Feishu upload_image Parameter

CVE-2026-7179 MEDIUM

OSPG binwalk WinCE Extraction Plugin winceextract.py read_null_terminated_string path traversal

CVE-2026-7159 HIGH

douinc mkdocs-mcp-plugin server.py list_documents path traversal

CVE-2026-3087 MEDIUM

shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs

CVE-2026-7149 HIGH

dexhunter kaggle-mcp server.py prepare_kaggle_dataset path traversal

CVE-2026-30462 MEDIUM

FuelCMS 1.5.2 - Path Traversal

CVE-2026-41465 MEDIUM

ProjeQtor < 12.4.4 Path Traversal via dynamicDialog.php

CVE-2026-41463 HIGH

ProjeQtor < 12.4.4 ZipSlip Path Traversal via uploadPlugin.php

CVE-2026-30351 HIGH

leonvanzyl autocoder 79d02a - Path Traversal

CVE-2026-7132 MEDIUM

code-projects Online Lot Reservation System download.php readfile path traversal

CVE-2026-7086 MEDIUM

HBAI-Ltd Toonflow-app Storyboard Export replaceUrl.ts updateStoryboardUrl path traversal

Previous Page 2 of 350 Next

Details

Vulnerabilities 8,747

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy