Skip to main content

CWE-23

Relative Path Traversal

362 CVEs Avg CVSS 7.1 MITRE
54
CRITICAL
166
HIGH
122
MEDIUM
20
LOW
73
POC
5
KEV

Monthly

CVE-2026-56196 HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Windows Admin Center allows an authenticated attacker to run arbitrary code over the network by exploiting a relative path traversal (CWE-23) flaw. Any user holding valid low-privilege credentials to the WAC gateway can leverage the traversal to break out of the intended file path and achieve full compromise (confidentiality, integrity, and availability impact all High). Microsoft has published a patch via MSRC; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Path Traversal Windows Admin Center
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2026-50426 MEDIUM PATCH This Month

Relative path traversal in DNS Server allows an authorized attacker to execute code over an adjacent network.

Path Traversal Windows 10 Version 1607 Windows 10 Version 1809 Windows Server 2012 Windows Server 2012 Server Core Installation +9
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2026-50454 HIGH PATCH Exploit Likely This Week

Local privilege escalation in Windows User Interface Core (UI Core) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a relative path traversal flaw lets an already-authenticated low-privileged user escalate to higher privileges on the local machine. The CVSS 3.1 score of 7.8 reflects full confidentiality, integrity, and availability impact once triggered, though attack requires local access and existing low-level privileges. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft Path Traversal Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-40400 HIGH PATCH This Week

Remote code execution in Windows PowerShell allows an authenticated attacker with low privileges to run arbitrary code across a network by exploiting a relative path traversal (CWE-23) flaw, provided a victim is induced to interact (UI:R). Affecting supported Windows 10/11 clients and Windows Server 2012 through 2025, the issue carries a CVSS 8.0 with full confidentiality, integrity, and availability impact, and a vendor patch is available via MSRC. There is no public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.

Microsoft Path Traversal Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2026-50663 HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft's Age of Empires II: Definitive Edition Game is possible via a relative path traversal flaw (CWE-23) that lets a network-based attacker execute arbitrary code once a victim loads attacker-supplied content. The vulnerability is rated CVSS 8.8 (AV:N/AC:L/PR:N/UI:R) and requires user interaction, meaning a player must open or load a malicious game asset such as a downloaded map, mod, recording, or scenario. Microsoft has released a fix; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Path Traversal Age Of Empires Ii
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2026-14903 HIGH This Week

Arbitrary file disclosure in Ivanti Xtraction before 2026.2.1 lets a remote, authenticated attacker traverse outside the application's web root and read sensitive files from the underlying host. The CVSS 3.1 score of 7.7 reflects a scope change (S:C), meaning the impact reaches beyond the web application into the host filesystem, though only confidentiality is affected. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; no EPSS score was provided.

Path Traversal Ivanti Xtraction
NVD
CVSS 3.1
7.7
EPSS
1.0%
CVE-2026-55474 HIGH PATCH This Week

Arbitrary file read in Snipe-IT before 8.5.0 lets an authenticated user abuse the ActionlogController::displaySig endpoint, which concatenates the route's filename parameter into a private upload-directory path without sanitization, enabling relative path traversal (CWE-23) to read any file the web server process can access. The CVSS 4.0 base score is 7.1 with high confidentiality impact only; there is no public exploit identified at time of analysis and no CISA KEV listing. Because Snipe-IT stores database credentials and application secrets in web-readable files, the practical impact can extend beyond simple information disclosure toward full application compromise.

Information Disclosure Snipe It
NVD GitHub
CVSS 4.0
7.1
EPSS
0.3%
CVE-2026-59792 CRITICAL PATCH Act Now

Code execution via path traversal in JetBrains IntelliJ IDEA before 2026.1.4 and 2026.2 lets an attacker abuse improper sanitization of the project workspace ID to write or reference files outside the intended workspace directory, culminating in arbitrary code execution. The flaw was self-reported by JetBrains and a fix is available; no public exploit has been identified at time of analysis. The NVD-assigned CVSS of 9.8 (network, no privileges, no user interaction) is notably high for a desktop IDE flaw and warrants scrutiny given that IDE project-handling bugs typically require a victim to open a crafted project.

Path Traversal RCE Intellij Idea
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-61343 HIGH PATCH This Week

Authenticated remote code execution in LibreBooking (open-source scheduling/reservation platform) versions prior to 5.1.0 allows an administrator to write arbitrary files outside the intended template directory by abusing the email template editor's save action, which trusts the submitted template name as part of the destination file path. Because the resulting file can be dropped into a web-executable location, the write primitive escalates to server-side code execution. No public exploit has been identified at time of analysis and the flaw is not listed in CISA KEV, but a CISA CSAF advisory and upstream fix commit exist.

RCE
NVD GitHub
CVSS 4.0
8.6
EPSS
0.8%
CVE-2026-8650 HIGH PATCH This Week

Path traversal in Progress MOVEit Transfer's Admin Settings module (versions before 2025.0.7 and 2025.1.0 before 2025.1.3) lets remote attackers supply relative '../' sequences to read files outside the intended directory, exposing sensitive configuration or system data. The CVSS 3.1 vector scores it 7.5 with confidentiality-only impact (C:H/I:N/A:N) and no listed authentication (PR:N), though the 'Admin Settings' location warrants scrutiny of that claim. No public exploit identified at time of analysis; EPSS is low (0.20%, 10th percentile) and CISA SSVC records no known exploitation.

Path Traversal Moveit Transfer
NVD
CVSS 3.1
7.5
EPSS
0.2%
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Windows Admin Center allows an authenticated attacker to run arbitrary code over the network by exploiting a relative path traversal (CWE-23) flaw. Any user holding valid low-privilege credentials to the WAC gateway can leverage the traversal to break out of the intended file path and achieve full compromise (confidentiality, integrity, and availability impact all High). Microsoft has published a patch via MSRC; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Path Traversal Windows Admin Center
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Relative path traversal in DNS Server allows an authorized attacker to execute code over an adjacent network.

Path Traversal Windows 10 Version 1607 Windows 10 Version 1809 +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in Windows User Interface Core (UI Core) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a relative path traversal flaw lets an already-authenticated low-privileged user escalate to higher privileges on the local machine. The CVSS 3.1 score of 7.8 reflects full confidentiality, integrity, and availability impact once triggered, though attack requires local access and existing low-level privileges. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft Path Traversal Windows 11 Version 24H2 +4
NVD
EPSS 1% CVSS 8.0
HIGH PATCH This Week

Remote code execution in Windows PowerShell allows an authenticated attacker with low privileges to run arbitrary code across a network by exploiting a relative path traversal (CWE-23) flaw, provided a victim is induced to interact (UI:R). Affecting supported Windows 10/11 clients and Windows Server 2012 through 2025, the issue carries a CVSS 8.0 with full confidentiality, integrity, and availability impact, and a vendor patch is available via MSRC. There is no public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.

Microsoft Path Traversal Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft's Age of Empires II: Definitive Edition Game is possible via a relative path traversal flaw (CWE-23) that lets a network-based attacker execute arbitrary code once a victim loads attacker-supplied content. The vulnerability is rated CVSS 8.8 (AV:N/AC:L/PR:N/UI:R) and requires user interaction, meaning a player must open or load a malicious game asset such as a downloaded map, mod, recording, or scenario. Microsoft has released a fix; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Path Traversal Age Of Empires Ii
NVD
EPSS 1% CVSS 7.7
HIGH This Week

Arbitrary file disclosure in Ivanti Xtraction before 2026.2.1 lets a remote, authenticated attacker traverse outside the application's web root and read sensitive files from the underlying host. The CVSS 3.1 score of 7.7 reflects a scope change (S:C), meaning the impact reaches beyond the web application into the host filesystem, though only confidentiality is affected. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; no EPSS score was provided.

Path Traversal Ivanti Xtraction
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Arbitrary file read in Snipe-IT before 8.5.0 lets an authenticated user abuse the ActionlogController::displaySig endpoint, which concatenates the route's filename parameter into a private upload-directory path without sanitization, enabling relative path traversal (CWE-23) to read any file the web server process can access. The CVSS 4.0 base score is 7.1 with high confidentiality impact only; there is no public exploit identified at time of analysis and no CISA KEV listing. Because Snipe-IT stores database credentials and application secrets in web-readable files, the practical impact can extend beyond simple information disclosure toward full application compromise.

Information Disclosure Snipe It
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Code execution via path traversal in JetBrains IntelliJ IDEA before 2026.1.4 and 2026.2 lets an attacker abuse improper sanitization of the project workspace ID to write or reference files outside the intended workspace directory, culminating in arbitrary code execution. The flaw was self-reported by JetBrains and a fix is available; no public exploit has been identified at time of analysis. The NVD-assigned CVSS of 9.8 (network, no privileges, no user interaction) is notably high for a desktop IDE flaw and warrants scrutiny given that IDE project-handling bugs typically require a victim to open a crafted project.

Path Traversal RCE Intellij Idea
NVD
EPSS 1% CVSS 8.6
HIGH PATCH This Week

Authenticated remote code execution in LibreBooking (open-source scheduling/reservation platform) versions prior to 5.1.0 allows an administrator to write arbitrary files outside the intended template directory by abusing the email template editor's save action, which trusts the submitted template name as part of the destination file path. Because the resulting file can be dropped into a web-executable location, the write primitive escalates to server-side code execution. No public exploit has been identified at time of analysis and the flaw is not listed in CISA KEV, but a CISA CSAF advisory and upstream fix commit exist.

RCE
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Path traversal in Progress MOVEit Transfer's Admin Settings module (versions before 2025.0.7 and 2025.1.0 before 2025.1.3) lets remote attackers supply relative '../' sequences to read files outside the intended directory, exposing sensitive configuration or system data. The CVSS 3.1 vector scores it 7.5 with confidentiality-only impact (C:H/I:N/A:N) and no listed authentication (PR:N), though the 'Admin Settings' location warrants scrutiny of that claim. No public exploit identified at time of analysis; EPSS is low (0.20%, 10th percentile) and CISA SSVC records no known exploitation.

Path Traversal Moveit Transfer
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy