CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit likelihood: High

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

8,747 vulnerabilities with CWE-22
CVE ID            Severity  CVSS  Title
CVE-2026-6636     MEDIUM    4.3   p2r3 convert API buildCache.js Bun.serve path traversal
CVE-2026-6620     MEDIUM    6.3   SonicCloudOrg sonic-server File Upload Endpoint FileTool.java upload path traversal
CVE-2026-6615     HIGH      7.3   TransformerOptimus SuperAGI Multipart Upload resources.py upload path traversal
CVE-2026-6591     MEDIUM    4.3   ComfyUI LoadImage Node folder_paths.py folder_paths.get_annotated_filepath path traversal
CVE-2026-6590     MEDIUM    4.3   ComfyUI Model Preview Endpoint model_manager.py get_model_preview path traversal
CVE-2026-6568     HIGH      7.3   kodcloud KodExplorer Public Share share.class.php initShareOld path traversal
CVE-2026-40491    MEDIUM    6.5   gdown Affected by Arbitrary File Write via Path Traversal in gdown.extractall
CVE-2026-40258    CRITICAL  9.1   Gramps Web API has Zip Slip Path Traversal in Media Archive Import
CVE-2026-40342    CRITICAL  9.9   Firebird: Path Traversal + Arbitrary File Write Leads to Remote Code Execution
CVE-2026-5710     HIGH      7.5   Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.6 - Unauthenticated Limited Arbitrary File Read via mfile Field
CVE-2026-40518    HIGH      7.1   ByteDance DeerFlow Path Traversal and Arbitrary File Write via Bootstrap Mode
CVE-2026-3464     HIGH      8.8   WP Customer Area <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Read/Deletion via ajax_attach_file
CVE-2026-6496     MEDIUM    5.4   prasathmani TinyFileManager POST Parameter filemanager.php path traversal
CVE-2026-6487     MEDIUM    4.3   Qihui jtbc5 CMS Code Endpoint manage.php path traversal
CVE-2026-4659     HIGH      7.5   Unlimited Elements For Elementor <= 2.0.6 - Authenticated (Contributor+) Arbitrary File Read via Path Traversal in Repeater JSON/CSV URL with Path Traversal
CVE-2026-35496    LOW       2.7   CubeCart < prior to 6.6.0 - Path Traversal
CVE-2026-4853     MEDIUM    4.9   JetBackup <= 3.1.19.8 - Authenticated (Administrator+) Arbitrary Directory Deletion via Path Traversal in 'fileName' Parameter
CVE-2026-6410     MEDIUM    5.3   @fastify/static vulnerable to path traversal in directory listing
CVE-2026-40503    MEDIUM    6.5   OpenHarness Path Traversal Information Disclosure via /memory show
CVE-2026-21726    MEDIUM    5.3   Loki Path Traversal - CVE-2021-36156 Bypass
CVE-2026-40256    MEDIUM    5.0   Weblate: Prefix-Based Repository Boundary Check Bypass via Symlink/Junction Path Prefix Collision
CVE-2026-34242    HIGH      7.7   Weblate: Arbitrary File Read via Symlink
CVE-2026-33220    MEDIUM    6.8   Weblate: JavaScript localization CDN add-on allows arbitrary local file read outside the repository
CVE-2026-30996    HIGH      7.5   SAC-NFe 2.0.02 - Path Traversal
CVE-2026-20180    CRITICAL  9.9   Cisco Identity Services Engine Multiple Remote Code Execution Vulnerability