Skip to main content

CWE-36

Absolute Path Traversal

111 CVEs Avg CVSS 7.3 MITRE
14
CRITICAL
58
HIGH
38
MEDIUM
1
LOW
33
POC
5
KEV

Monthly

CVE-2026-57211 CRITICAL PATCH Act Now

Server-side request forgery and NTLM credential exposure in the RabbitMQ management plugin (versions 4.1.0 to before 4.1.11 and 4.2.0 to before 4.2.6) on Windows lets remote actors coerce the broker into outbound DNS and SMB connections to attacker-controlled UNC paths. The static file handler rabbit_mgmt_wm_static passes URL-encoded backslashes to erl_prim_loader:read_file_info before path validation, but only when multiple management extension plugins are enabled. No public exploit has been identified at time of analysis, and the EPSS score is low (0.28%, 20th percentile) despite the CVSS 10.0 rating.

Microsoft Information Disclosure Rabbitmq Server
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.3%
CVE-2026-15302 MEDIUM This Month

Path traversal via the unsanitized 'X-FILENAME' HTTP header in the ARMember WordPress membership plugin allows unauthenticated remote attackers to upload and overwrite files outside the intended 'wp-content/uploads/armember' directory on affected WordPress installations running versions 4.0.27 and earlier. The integrity impact is limited by the plugin's handling of 'certain files (e.g., CSS)' rather than arbitrary file types, capping the CVSS score at 5.3 Medium; however, successful exploitation can enable website defacement or manipulation of frontend assets without any authentication. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.

WordPress Path Traversal
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2026-58300 MEDIUM PATCH This Month

Absolute path traversal in Microsoft Edge for Android (Chromium-based) prior to version 150.0.4078.48 enables local, unauthenticated information disclosure by allowing crafted paths to escape the application's intended directory scope. The CVSS vector (AV:L/C:H/I:N/A:N) confirms the impact is limited to confidentiality loss on the local device, with no integrity or availability consequences. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Path Traversal Microsoft Google Microsoft Edge Chromium Based
NVD VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-53698 MEDIUM This Month

Absolute path traversal (CWE-36) in Silverpeas through 6.4.6 allows authenticated remote users to read arbitrary files from the server filesystem by exploiting the 'Personal space' fallback path in the FileServer servlet, activated when no componentId parameter is supplied. The CVSS vector confirms network-reachable, low-complexity exploitation requiring only low-privilege credentials, with high confidentiality impact and no integrity or availability loss. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Information Disclosure Silverpeas
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-10075 MEDIUM This Month

Absolute Path Traversal in DreamMaker (developed by Interinfo) allows unauthenticated remote attackers to enumerate file names under arbitrary filesystem paths on the host. The vulnerability stems from CWE-36 (Absolute Path Traversal) and is exploitable over the network without any credentials or user interaction, as confirmed by the CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N). Confidentiality impact is limited to file name disclosure rather than full file content retrieval, per the VC:L scoring. No public exploit code or CISA KEV listing has been identified at time of analysis.

Path Traversal Dreammaker
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-10044 HIGH POC PATCH This Week

{filename} endpoint. The flawed traversal guard only rejects forward slashes and '..' sequences, so absolute Windows paths or backslash traversal bypass it entirely. Publicly available exploit code exists and a vendor patch has been released; this issue was reported by VulnCheck.

Microsoft Path Traversal
NVD GitHub
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-32997 HIGH This Week

Arbitrary file write in Veeam Backup & Replication 13 (≤13.0.1) on Linux-based deployments allows an authenticated Backup Administrator to write files anywhere on the server filesystem, enabling code execution and full host compromise. CVSS 4.0 scores this 8.6 (High) due to network-reachable exploitation with high impact across confidentiality, integrity, and availability, though high privileges are required. No public exploit identified at time of analysis.

Information Disclosure Backup And Replication
NVD VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-4782 MEDIUM This Month

Arbitrary file read in Avada Builder plugin for WordPress versions up to 3.15.2 allows authenticated attackers with Subscriber-level access to read arbitrary files on the server via the 'fusion_get_svg_from_file' function in the 'fusion_section_separator' shortcode. Sensitive information including configuration files, database credentials, and private keys can be exposed. The vulnerability was partially patched in 3.15.2 and fully patched in version 3.15.3.

RCE WordPress
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-32175 NuGet MEDIUM POC PATCH GHSA Exploit Unlikely This Month

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.

Information Disclosure Net 10 0 Net 8 0 Net 9 0 Microsoft Visual Studio 2017 Version 15 9 Includes 15 0 15 8 +4
NVD VulDB GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-6418 MEDIUM PATCH This Month

PaperCut MF version 25.0.4 allows authenticated administrators to read arbitrary files on the server through insufficient path validation in the Shared Account Synchronization component, exposing sensitive configuration and system files via the account management interface. The vulnerability requires administrative privileges and attack complexity involves timing (AT:P), limiting real-world exploitation scope despite network accessibility.

Information Disclosure Papercut Ng Mf
NVD VulDB
CVSS 4.0
4.6
EPSS
0.0%
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Server-side request forgery and NTLM credential exposure in the RabbitMQ management plugin (versions 4.1.0 to before 4.1.11 and 4.2.0 to before 4.2.6) on Windows lets remote actors coerce the broker into outbound DNS and SMB connections to attacker-controlled UNC paths. The static file handler rabbit_mgmt_wm_static passes URL-encoded backslashes to erl_prim_loader:read_file_info before path validation, but only when multiple management extension plugins are enabled. No public exploit has been identified at time of analysis, and the EPSS score is low (0.28%, 20th percentile) despite the CVSS 10.0 rating.

Microsoft Information Disclosure Rabbitmq Server
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

Path traversal via the unsanitized 'X-FILENAME' HTTP header in the ARMember WordPress membership plugin allows unauthenticated remote attackers to upload and overwrite files outside the intended 'wp-content/uploads/armember' directory on affected WordPress installations running versions 4.0.27 and earlier. The integrity impact is limited by the plugin's handling of 'certain files (e.g., CSS)' rather than arbitrary file types, capping the CVSS score at 5.3 Medium; however, successful exploitation can enable website defacement or manipulation of frontend assets without any authentication. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.

WordPress Path Traversal
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Absolute path traversal in Microsoft Edge for Android (Chromium-based) prior to version 150.0.4078.48 enables local, unauthenticated information disclosure by allowing crafted paths to escape the application's intended directory scope. The CVSS vector (AV:L/C:H/I:N/A:N) confirms the impact is limited to confidentiality loss on the local device, with no integrity or availability consequences. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Path Traversal Microsoft Google +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Absolute path traversal (CWE-36) in Silverpeas through 6.4.6 allows authenticated remote users to read arbitrary files from the server filesystem by exploiting the 'Personal space' fallback path in the FileServer servlet, activated when no componentId parameter is supplied. The CVSS vector confirms network-reachable, low-complexity exploitation requiring only low-privilege credentials, with high confidentiality impact and no integrity or availability loss. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Information Disclosure Silverpeas
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM This Month

Absolute Path Traversal in DreamMaker (developed by Interinfo) allows unauthenticated remote attackers to enumerate file names under arbitrary filesystem paths on the host. The vulnerability stems from CWE-36 (Absolute Path Traversal) and is exploitable over the network without any credentials or user interaction, as confirmed by the CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N). Confidentiality impact is limited to file name disclosure rather than full file content retrieval, per the VC:L scoring. No public exploit code or CISA KEV listing has been identified at time of analysis.

Path Traversal Dreammaker
NVD
EPSS 0% CVSS 8.2
HIGH POC PATCH This Week

{filename} endpoint. The flawed traversal guard only rejects forward slashes and '..' sequences, so absolute Windows paths or backslash traversal bypass it entirely. Publicly available exploit code exists and a vendor patch has been released; this issue was reported by VulnCheck.

Microsoft Path Traversal
NVD GitHub
EPSS 0% CVSS 8.6
HIGH This Week

Arbitrary file write in Veeam Backup & Replication 13 (≤13.0.1) on Linux-based deployments allows an authenticated Backup Administrator to write files anywhere on the server filesystem, enabling code execution and full host compromise. CVSS 4.0 scores this 8.6 (High) due to network-reachable exploitation with high impact across confidentiality, integrity, and availability, though high privileges are required. No public exploit identified at time of analysis.

Information Disclosure Backup And Replication
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Arbitrary file read in Avada Builder plugin for WordPress versions up to 3.15.2 allows authenticated attackers with Subscriber-level access to read arbitrary files on the server via the 'fusion_get_svg_from_file' function in the 'fusion_section_separator' shortcode. Sensitive information including configuration files, database credentials, and private keys can be exposed. The vulnerability was partially patched in 3.15.2 and fully patched in version 3.15.3.

RCE WordPress
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM POC PATCH Exploit Unlikely This Month

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.

Information Disclosure Net 10 0 Net 8 0 +6
NVD VulDB GitHub
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

PaperCut MF version 25.0.4 allows authenticated administrators to read arbitrary files on the server through insufficient path validation in the Shared Account Synchronization component, exposing sensitive configuration and system files via the account management interface. The vulnerability requires administrative privileges and attack complexity involves timing (AT:P), limiting real-world exploitation scope despite network accessibility.

Information Disclosure Papercut Ng Mf
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy