CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,091 vulnerabilities with CWE-22
CVE-2026-45017 (HIGH, CVSS 7.5): Python Liquid: Absolute paths escape filesystem loader search path
CVE-2026-44594 (HIGH, CVSS 7.5): esm.sh: Path Traversal via package.json browser field allows reading arbitrary server files
CVE-2026-44593 (HIGH): esm.sh <= 137 - Legacy Router Path Traversal
CVE-2026-49238 (HIGH, CVSS 8.4): SFTP Server VM Escape in Canonical Multipass
CVE-2026-9789 (HIGH): NitroSense V3: Security Vulnerability Information
CVE-2026-46402 (HIGH, CVSS 8.1): Microsoft UFO uses untrusted task_name in log paths, allowing authenticated path traversal and log file creation outside the logs directory
CVE-2026-49009 (LOW, CVSS 3.1): Northern.tech Mender Server <= 4.1.0 - Directory Traversal
CVE-2026-44635 (HIGH, CVSS 7.5): Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in `JSONPathBuilder.key()` / `.at()`
CVE-2026-44353 (MEDIUM, CVSS 6.5): Streamlink: Arbitrary local file read via file:// URI in HLS and DASH
CVE-2026-6957 (HIGH, CVSS 8.0): Path traversal in Mattermost Legal Hold plugin via unsanitized file name from federated peer allows arbitrary file write
CVE-2026-48544 (HIGH, CVSS 7.5): Taipy 4.1.1 Path Traversal via ElementLibrary.get_resource()
CVE-2026-47118 (MEDIUM, CVSS 6.5): Agent Zero < 1.15 Path Traversal File Read via image_get API
CVE-2026-45571 (MEDIUM, CVSS 5.4): go-git: Crafted repositories may modify main and submodule .git directories
CVE-2026-9035 (MEDIUM, CVSS 6.5): IBM Aspera High-Speed Transfer Endpoint - Multiple Vulnerabilities in Aspera applications
CVE-2026-7524 (CRITICAL, CVSS 9.8): Path Traversal Vulnerability in File Processing Components Allows Unauthorized File System Access and Potential Remote Code Execution
CVE-2026-3366 (HIGH, CVSS 7.5): InfoSphere Optim Test Data Fabrication is affected by Arbitrary File Read
CVE-2026-42757 (CRITICAL, CVSS 9.9): WordPress WebinarIgnition plugin < 4.08.253 - Arbitrary File Deletion vulnerability
CVE-2026-42756 (CRITICAL, CVSS 9.9): WordPress QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly plugin <= 3.2.7 - Arbitrary File Deletion vulnerability
CVE-2026-42737 (HIGH, CVSS 8.6): WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.9 - Arbitrary File Deletion vulnerability
CVE-2026-41009 (MEDIUM, CVSS 5.8): Local Blobstore may allow arbitrary reads/deletes
CVE-2026-44788 (MEDIUM, CVSS 5.9): SharpCompress: Directory traversal via directory entries in WriteToDirectory (zip slip variant)
CVE-2026-42448 (LOW, CVSS 3.5): wormhole receive, with --output pointing at an existing directory, can be path-traversed
CVE-2026-48126 (HIGH, CVSS 8.2): Algernon: Host header path traversal in --domain mode reads files and runs Lua from parent dir
CVE-2026-43982 (HIGH): Algernon: Path traversal file write via savein()
CVE-2026-40384 (HIGH, CVSS 7.5): Joomla! Core - [20260510] - Path traversal in com_media webservice endpoint