CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
8,747 vulnerabilities with CWE-22
CVE-2026-35338
HIGH
uutils coreutils chmod Path Traversal Bypass of --preserve-root
CVSS 7.3
CVE-2026-32885
MEDIUM
DDEV has ZipSlip path traversal in tar and zip archive extraction
CVSS 6.5
CVE-2026-6855
HIGH
Instructlab: instructlab: path traversal allows arbitrary directory creation and file write
CVSS 7.1
CVE-2026-4280
MEDIUM
Breaking News WP <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Local File Inclusion/Read
CVSS 6.5
CVE-2026-41062
MEDIUM
WWBN/AVideo has an incomplete fix for a directory traversal bypass via query string in ReceiveImage downloadURL parameters
CVSS 6.5
CVE-2026-41058
HIGH
AVideo has an incomplete fix for CVE-2026-33293 (Path Traversal) in AVideo
CVSS 8.1
CVE-2026-6832
HIGH
Nesquena Hermes WebUI Arbitrary File Deletion via Unvalidated session_id
CVSS 8.1
CVE-2026-6829
MEDIUM
nesquena hermes-webui Arbitrary Workspace Directory Access
CVSS 6.3
CVE-2026-40923
MEDIUM
Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check
CVSS 5.4
CVE-2026-40909
HIGH
WWBN AVideo has a Path Traversal in Locale Save Endpoint that Enables Arbitrary PHP File Write to Any Web-Accessible Directory (RCE)
CVSS 8.7
CVE-2026-40876
HIGH
SFTP root escape via prefix-based path validation in goshs
CVSS 8.8
CVE-2026-41193
CRITICAL
FreeScout has Zip Slip path traversal in module installation that allows arbitrary file write leading to RCE
CVSS 9.1
CVE-2026-40611
HIGH
Lego: Arbitrary File Write via Path Traversal in Webroot HTTP-01 Provider
CVSS 8.8
CVE-2026-40576
CRITICAL
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in excel-mcp-server
CVSS 9.4
CVE-2026-40050
CRITICAL
CrowdStrike LogScale Unauthenticated Path Traversal
CVSS 9.8
CVE-2026-32147
MEDIUM
SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT
CVE-2026-39973
HIGH
Apktool: Path Traversal to Arbitrary File Write
CVSS 7.1
CVE-2026-39861
CRITICAL
Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace
CVSS 10.0
CVE-2026-39378
MEDIUM
nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding
CVSS 6.5
CVE-2026-39377
MEDIUM
nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames
CVSS 6.5
CVE-2026-35570
HIGH
OpenClaude has Sandbox Bypass via Early-Exit Logic Flaw that Allows Path Traversal
CVSS 8.4
CVE-2026-5478
HIGH
Everest Forms <= 3.4.4 - Unauthenticated Arbitrary File Read and Deletion via Upload Field 'old_files' Parameter
CVSS 8.1
CVE-2026-6248
HIGH
wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Custom Profile Field File Path
CVSS 8.1
CVE-2026-25525
MEDIUM
OpenMage LTS has Path Traversal Filter Bypass in Dataflow Module
CVSS 4.9
CVE-2026-41245
MEDIUM
Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix
CVSS 5.9
Details
Vulnerabilities: 8,747
Exploit Likelihood: High