CWE-35

Path Traversal: '.../...//'

Parent: CWE-23 - Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.

169 vulnerabilities with CWE-35
CVE-2026-52703 CRITICAL
WordPress FastDup plugin <= 2.7.2 - Path Traversal vulnerability
CVSS 9.6
CVE-2026-49112 HIGH
WordPress Shared Files plugin <= 1.7.64 - Path Traversal vulnerability
CVSS 7.5
CVE-2026-42661 HIGH
WordPress WP Customer Area plugin <= 8.3.4 - Path Traversal vulnerability
CVSS 8.8
CVE-2026-40128 CRITICAL
SAP NetWeaver AS Java Web Container - Path Traversal via HTTP Logon Request
CVSS 9.0
CVE-2026-24315 MEDIUM
SAP Fiori Launchpad - Path Traversal via Malicious URLs
CVSS 4.2
CVE-2026-45661 CRITICAL
Dokploy: Remote Code Execution through Path Traversal
CVSS 9.9
CVE-2026-44933 HIGH
SUSE Linux Enterprise 17.38.8 - Path Traversal via PluginScript Chroot Bypass
CVSS 7.8
CVE-2026-45495 HIGH
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS 8.8
CVE-2026-7302 CRITICAL
SGLang - Unauthenticated Path Traversal and Arbitrary File Write via Upload Filename
CVSS 9.1
CVE-2026-42930 HIGH
F5 BIG-IP 16.1.0-21.1.0 - Authenticated Appliance Mode Restriction Bypass
CVSS 8.7
CVE-2026-24464 MEDIUM
F5 BIG-IP 16.1.0-21.0.0, 21.1.0-21.1.0 - Authenticated Path Traversal via iControl REST Endpoint
CVSS 6.8
CVE-2026-25705 HIGH
Rancher Extensions have arbitrary file access via path traversal
CVSS 8.4
CVE-2026-0804 MEDIUM
AXIS OS 12.0.0-12.10.3 - Path Traversal via ACAP Configuration File
CVSS 6.7
CVE-2026-42274 HIGH
Heimdall: Authorization bypass via path normalization mismatch
CVE-2026-20034 HIGH
Cisco Unity Connection Remote Code Execution Vulnerability
CVSS 8.8
CVE-2026-0205 MEDIUM
SonicOS < 6.5.5.2-28n - Authenticated Path Traversal
CVSS 6.8
CVE-2026-6074 CRITICAL
Path traversal: '.../...//' in Intrado 911 Emergency Gateway (EGW)
CVSS 9.8
CVE-2026-28265 MEDIUM
Dell PowerStore < 4.4.0.0-2692403 - Path Traversal in Service User
CVSS 4.4
CVE-2026-25397 HIGH
WordPress File Uploader for WooCommerce plugin <= 1.0.4 - Path Traversal vulnerability
CVSS 7.5
CVE-2026-32415 MEDIUM
Squeeze <= 1.7.7 - Path Traversal via '.../...//'
CVSS 5.0
CVE-2026-26124 MEDIUM
Microsoft ACI Confidential Containers - Privilege Escalation
CVSS 6.7
CVE-2026-1763 MEDIUM
GE Vernova Enervista UR Setup <8.6 - Info Disclosure
CVSS 4.6
CVE-2025-69325 MEDIUM
Primer MyData for Woocommerce <=4.2.8 - Path Traversal
CVSS 5.3
CVE-2025-59793 CRITICAL
Rocket TRUfusion Enterprise <7.10.5 - Path Traversal
CVSS 9.9
CVE-2025-58381 LOW
Brocade Fabric OS <9.2.1c2 - Path Traversal
CVSS 2.3
Details
Vulnerabilities 169
Links
MITRE CWE Entry Search this CWE With Exploits