Skip to main content

CWE-46

Path Equivalence: 'filename ' (Trailing Space)

1 CVEs Avg CVSS 9.8 MITRE
1
CRITICAL
0
HIGH
0
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2026-8801 CRITICAL PATCH Act Now

Path-equivalence weakness in Progress MOVEit Transfer's File Upload modules lets remote attackers bypass path-normalization checks to reach or place files outside their intended scope, carrying an NVD CVSS of 9.8. It affects MOVEit Transfer before 2025.0.8 and the 2025.1.x line before 2025.1.4, and a vendor patch is available. There is no public exploit identified at time of analysis and EPSS is low (0.25%), while CISA SSVC rates exploitation as none and technical impact as only partial.

File Upload Moveit Transfer
NVD
CVSS 3.1
9.8
EPSS
0.3%
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Path-equivalence weakness in Progress MOVEit Transfer's File Upload modules lets remote attackers bypass path-normalization checks to reach or place files outside their intended scope, carrying an NVD CVSS of 9.8. It affects MOVEit Transfer before 2025.0.8 and the 2025.1.x line before 2025.1.4, and a vendor patch is available. There is no public exploit identified at time of analysis and EPSS is low (0.25%), while CISA SSVC rates exploitation as none and technical impact as only partial.

File Upload Moveit Transfer
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy