CWE-426: Untrusted Search Path

Exploit likelihood: High

Parent: CWE-642 - External Control of Critical State Data

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

626 vulnerabilities with CWE-426 (CVE ID, severity, CVSS score, title):

CVE-2026-7309 (MEDIUM, CVSS 4.3): Openshift-controller-manager: openshift container platform: information disclosure via environment variable injection
CVE-2026-35368 (HIGH, CVSS 7.8): uutils coreutils chroot Local Privilege Escalation and chroot Escape in via Name Service Switch (NSS) Injection
CVE-2026-35603 (HIGH, CVSS 7.3): Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows
CVE-2026-6421 (HIGH, CVSS 7.0): Mobatek MobaXterm Home Edition msimg32.dll uncontrolled search path
CVE-2026-40947 (LOW, CVSS 2.9): Yubico libfido2 <1.17.0 - DLL Hijacking
CVE-2026-27290 (HIGH, CVSS 8.6): Adobe Framemaker | Untrusted Search Path (CWE-426)
CVE-2026-40287 (HIGH, CVSS 8.4): PraisonAI has RCE via Automatic tools.py Import
CVE-2026-40156 (HIGH, CVSS 7.8): PraisonAI Affected by Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading
CVE-2026-39883 (HIGH, CVSS 7.0): OpenTelemetry-Go has an incomplete fix for CVE-2026-24051: BSD kenv command not using absolute path enables PATH hijacking
CVE-2026-3780 (HIGH, CVSS 7.3): Foxit PDF Editor/Reader Installer Uncontrolled Search Path Privilege Escalation
CVE-2026-4962 (HIGH, CVSS 7.0): UltraVNC Service version.dll uncontrolled search path
CVE-2026-4546 (HIGH, CVSS 7.0): Flos Freeware Notepad2 TextShaping.dll uncontrolled search path
CVE-2026-4545 (HIGH, CVSS 7.0): Flos Freeware Notepad2 PROPSYS.dll uncontrolled search path
CVE-2026-33156 (HIGH, CVSS 7.8): DLL Sideloading in ScreenToGif
CVE-2026-25792 (MEDIUM, CVSS 6.5): Greenshot Vulnerable to OS Command Injection via ExternalCommand Plugin
CVE-2026-32032 (HIGH, CVSS 7.8): OpenClaw < 2026.2.22 - Arbitrary Shell Execution via Unvalidated SHELL Environment Variable
CVE-2026-32016 (HIGH, CVSS 7.8): OpenClaw < 2026.2.22 - Path Traversal via Basename-Only Allowlist Matching on macOS
CVE-2026-32015 (HIGH, CVSS 7.8): OpenClaw 2026.1.21 < 2026.2.19 - PATH Hijacking Bypass in tools.exec.safeBins Allowlist Validation
CVE-2026-32009 (MEDIUM, CVSS 5.7): OpenClaw < 2026.2.24 - Binary Hijacking via Static Default Trusted Directories in safeBins
CVE-2026-21333 (HIGH, CVSS 8.6): Illustrator <29.8.4,30.1 - Untrusted Search Path
CVE-2026-25190 (HIGH, CVSS 7.8): Windows GDI - Code Injection
CVE-2026-3787 (HIGH, CVSS 7.0): UltraVNC 1.6.4.0 - Path Traversal
CVE-2026-29089 (HIGH, CVSS 8.8): TimescaleDB 2.23.0-2.25.1 - Code Injection
CVE-2026-2998 (HIGH, CVSS 7.8): eAI Technologies ERP - DLL Hijacking
CVE-2026-25926 (HIGH, CVSS 7.3): Notepad++ <8.9.2 - Unsafe Search Path