Path Traversal
Monthly
Census CSWeb 8.0.1 contains a path traversal vulnerability (CWE-22) allowing authenticated remote attackers to access arbitrary files outside intended directories through unvalidated file path input. A public proof-of-concept exploit is available on GitHub (hx381/cspro-exploits), significantly increasing exploitation risk. With a CVSS score of 8.8 and low attack complexity requiring only low-level privileges, this poses a critical threat to organizations running the affected version.
Blinko, an AI-powered card note-taking application, contains a path traversal vulnerability in the filePath parameter that allows unauthenticated remote attackers to enumerate file existence on the server through differential error responses. Versions prior to 1.8.4 are affected, and an attacker can leverage this vulnerability to discover sensitive files and directories without authentication or user interaction. The vulnerability has been patched in version 1.8.4, and exploit code or proof-of-concept demonstrations are available via the GitHub security advisory.
A LaTeX injection vulnerability in Indico (event management platform) allows authenticated attackers to read local files or execute arbitrary code on the server when server-side LaTeX rendering is enabled via XELATEX_PATH configuration. The vulnerability stems from TeXLive weaknesses and insufficient sanitization of LaTeX input, permitting specially-crafted snippets to bypass security controls. Patches are available in version 3.3.12, and there is no evidence of active exploitation (not in CISA KEV), though multiple proof-of-concept patches indicate the vulnerability has been thoroughly analyzed.
Blinko, an AI-powered card note-taking application, contains an authenticated arbitrary file write vulnerability in the saveAdditionalDevFile function that allows attackers to write files to arbitrary locations on the system via path traversal. This vulnerability affects all versions prior to 1.8.4 and requires authentication to exploit. An attacker with valid credentials can abuse this flaw to overwrite critical application files, inject malicious code, or achieve remote code execution depending on file permissions and system configuration.
Blinko versions 1.8.3 and earlier allow authenticated users to write arbitrary files to the filesystem through an unvalidated fileName parameter, exploiting a path traversal weakness. The vulnerability requires only basic user authentication and can be leveraged to place malicious files anywhere on the server, potentially leading to remote code execution or system compromise. No patch is currently available.
Blinko versions 1.8.3 and earlier contain a path traversal vulnerability in the plugin file server endpoint that fails to validate whether requested file paths remain within the plugins directory, enabling unauthenticated remote attackers to read arbitrary files. The vulnerability has a CVSS score of 5.3 and currently lacks a publicly available patch.
Blinko, an AI-powered card note-taking application, contains a path traversal vulnerability in its file server endpoint that fails to validate permissions on the temp/ directory and does not filter path traversal sequences (CWE-22). Attackers can exploit this to read arbitrary files on the server, and when scheduled backup tasks are enabled, can access backup files containing all user notes and authentication tokens. The vulnerability affects all versions prior to 1.8.4 and has been patched in the released version 1.8.4.
WWBN AVideo, an open source video platform, contains a critical path traversal vulnerability in the pluginRunDatabaseScript.json.php endpoint that allows authenticated administrators to execute arbitrary SQL queries against the application database. Versions up to and including 26.0 are affected. The vulnerability can also be exploited via CSRF attacks against authenticated admin sessions, enabling unauthenticated attackers to achieve remote code execution or complete database compromise.
WWBN AVideo versions up to and including 26.0 contain an unauthenticated path traversal vulnerability in the locale API endpoint that allows arbitrary PHP file inclusion under the web root. Attackers can achieve confirmed file disclosure and code execution by including existing PHP files, with potential escalation to full remote code execution if they can upload or control PHP files elsewhere in the application tree. The vulnerability has a CVSS score of 8.6 and requires no authentication or user interaction to exploit, though no patch is currently available and there is no evidence of active exploitation in KEV data.
SSCMS 4.7.0's layerImage endpoint allows authenticated attackers to manipulate the filePaths parameter in LayerImageController.Submit.cs, enabling path traversal attacks that can modify or delete arbitrary files on the server. Public exploit code exists for this vulnerability, and no patch is currently available.
The Simple Food Ordering System through version 1.0 allows unauthenticated remote attackers to access sensitive database files through improper access controls in the Database Backup Handler component. Public exploit code exists for this vulnerability, which could enable attackers to retrieve database backups containing sensitive information. Configuration changes are recommended as no patch is currently available.
The JetFormBuilder plugin for WordPress contains a critical path traversal vulnerability allowing unauthenticated attackers to read arbitrary files from the server. All versions up to and including 3.5.6.2 are affected. Attackers can exploit this to exfiltrate sensitive local files as email attachments by submitting crafted form requests with malicious Media Field payloads, with a CVSS score of 7.5 indicating high confidentiality impact.
The Invelity Product Feeds plugin for WordPress contains an arbitrary file deletion vulnerability through path traversal in versions up to and including 1.2.6. Authenticated administrators can be socially engineered into clicking malicious links that delete arbitrary server files due to missing validation in the createManageFeedPage function. No evidence of active exploitation (not in KEV) exists, though the vulnerability is publicly documented with technical details available via WordPress plugin repository references.
OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace directory by exploiting improper symlink resolution in path validation checks. An attacker with workspace access can leverage in-workspace symlinks pointing to external targets to bypass boundary restrictions on the first write operation. Public exploit code exists for this vulnerability, and a patch is available.
The EmailKit - Email Customizer for WooCommerce & WP WordPress plugin contains a path traversal vulnerability in the TemplateData class that allows authenticated administrators to read arbitrary files from the server via the 'emailkit-editor-template' REST API parameter. An attacker with Administrator privileges can exploit this flaw to access sensitive files such as wp-config.php or /etc/passwd by supplying directory traversal sequences, with the retrieved file contents stored as post metadata and retrievable through the fetch-data REST API endpoint. The vulnerability affects all versions up to and including 1.6.3, and while it requires high-level administrative access and has a moderate CVSS score of 4.9, it represents a critical information disclosure risk in multi-user WordPress environments.
The Keep Backup Daily WordPress plugin versions up to 2.1.1 contain a limited path traversal vulnerability in the `kbd_open_upload_dir` AJAX action that allows authenticated administrators to enumerate arbitrary directories on the server. An attacker with Administrator-level access can exploit insufficient sanitization of the `kbd_path` parameter (using only `sanitize_text_field()` which does not prevent path traversal sequences) to list directory contents outside the intended uploads directory. While the CVSS score of 2.7 is low and exploitation requires high-privilege Administrator access, the vulnerability represents a real information disclosure risk in multi-user WordPress environments or where administrator accounts are compromised.
Halloy, a Rust-based IRC application, contains a path traversal vulnerability in its DCC (Direct Client-to-Client) receive functionality that fails to sanitize filenames from incoming DCC SEND requests prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6. Remote IRC users can exploit this vulnerability to write files outside the configured save directory using path traversal sequences like ../../.ssh/authorized_keys, potentially allowing arbitrary file placement on the victim's system with zero user interaction if auto-accept is enabled. The vulnerability has been patched and is tracked under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory).
The Kubernetes NFS CSI Driver fails to properly validate the subDir parameter in volume identifiers, allowing privileged users to inject path traversal sequences that bypass intended directory restrictions. Attackers with PersistentVolume creation privileges can craft malicious volume identifiers to access and modify arbitrary directories on the NFS server during cleanup operations. No patch is currently available for this medium-severity vulnerability affecting Kubernetes environments.
The Feast Feature Server contains a path traversal vulnerability in its `/read-document` endpoint that allows unauthenticated remote attackers to read arbitrary files accessible to the server process, including sensitive system files, application configurations, and credentials. Red Hat OpenShift AI (RHOAI) deployments are confirmed affected across multiple versions. The vulnerability is rated 7.5 (High) with network-based exploitation requiring no authentication or user interaction, though no active exploitation (KEV) or public proof-of-concept is currently documented.
A Cross-Site Request Forgery (CSRF) vulnerability in the AVideo platform's plugin upload endpoint allows unauthenticated attackers to achieve Remote Code Execution by tricking authenticated administrators into visiting a malicious webpage. The vulnerability combines missing CSRF token validation on the pluginImport.json.php endpoint with explicitly configured SameSite=None session cookies over HTTPS, enabling cross-origin session hijacking. A proof-of-concept exploit has been published demonstrating full compromise by uploading a malicious plugin containing a PHP webshell.
Path traversal in Langflow's /profile_pictures endpoint allows unauthenticated remote attackers to read the application's secret_key through directory traversal in the folder_name parameter. Since the secret_key is used for JWT authentication, attackers can forge valid tokens to gain unauthorized system access. Public exploit code exists for this vulnerability and no patch is currently available.
Ory Oathkeeper, an identity and access proxy, contains an authorization bypass vulnerability via HTTP path traversal that allows attackers to access protected resources without authentication. The vulnerability affects Ory Oathkeeper installations where the software uses un-normalized paths for rule matching, enabling requests like '/public/../admin/secrets' to bypass authentication requirements. With a CVSS score of 10.0 (Critical) and network-based exploitation requiring no privileges or user interaction, this represents a severe authentication bypass, though the absence of an EPSS score or KEV listing indicates limited evidence of active exploitation at this time.
The AVideo platform contains a path traversal vulnerability in the objects/import.json.php endpoint that allows authenticated users with upload permissions to bypass directory restrictions and access any MP4 file on the filesystem. Attackers can steal private videos from other users, read adjacent text/HTML files containing video metadata, and delete video files if writable by the web server. A detailed proof-of-concept is publicly available in the GitHub security advisory, and the vulnerability affects all instances where authenticated users have upload permissions, which is the default configuration.
An unauthenticated directory traversal vulnerability exists in Siyuan kernel's /appearance/ endpoint, allowing remote attackers to read arbitrary files accessible to the server process without authentication. The vulnerability affects the Go-based Siyuan note-taking application (github.com/siyuan-note/siyuan/kernel) and has been assigned a CVSS score of 7.5 (High). A working proof-of-concept exploit is publicly available demonstrating successful file retrieval via crafted URLs containing path traversal sequences, and a patch has been released by the vendor.
Cryptomator versions 1.6.0 through 1.19.0 contain a path traversal vulnerability in vault configuration parsing where the masterkeyfile loader resolves an unverified keyId parameter as a filesystem path before integrity checks are performed. An attacker with the ability to supply a malicious vault configuration can exploit this to trigger arbitrary file existence checks, including UNC paths on Windows that can initiate outbound SMB connections before the user even enters a passphrase, potentially leading to information disclosure about local file structure and network exposure. The vulnerability has been patched in version 1.19.1, and while no active KEV exploitation has been reported, the low attack complexity and the ability to chain this with social engineering (malicious vault sharing) make it a moderate practical risk.
Stirling-PDF, a locally hosted web application for PDF operations, contains a path traversal vulnerability in the /api/v1/convert/markdown/pdf endpoint that allows authenticated users to write arbitrary files outside the intended directory. Versions prior to 2.5.2 are affected, enabling attackers to overwrite writable files with the privileges of the stirlingpdfuser process account, compromising data integrity and potentially availability. The vulnerability has been patched in version 2.5.2, and while CVSS rates it 8.1 (High), authentication is required which reduces immediate risk.
A Path Traversal vulnerability exists in the ilGhera Carta Docente for WooCommerce plugin for WordPress (versions up to and including 1.5.0) that allows authenticated administrators to delete arbitrary files on the server through insufficient validation of the 'cert' parameter in the 'wccd-delete-certificate' AJAX action. An attacker with administrator privileges can exploit this to delete critical files such as wp-config.php, leading to site takeover and potential remote code execution. The vulnerability has been documented by Wordfence security researchers and affects all versions from release through 1.5.0, with a patch available in version 1.5.1 and later.
SiYuan personal knowledge management system versions 3.6.0 and below contain a path traversal vulnerability that allows authenticated attackers to exfiltrate arbitrary readable files from the system. An attacker with low-level privileges can exploit the /api/lute/html2BlockDOM endpoint to copy sensitive files to the workspace assets directory via malicious file:// links in pasted HTML, then retrieve them through the authenticated GET /assets/ endpoint. This is a critical vulnerability with a CVSS score of 9.9 due to its potential for high confidentiality impact and scope change, though no active exploitation (KEV) or public proof-of-concept has been documented.
pyLoad, a free and open-source download manager written in Python, contains a path traversal vulnerability in versions before 0.5.0b3.dev97 that allows arbitrary file deletion outside the extraction directory during password verification of encrypted 7z archives with non-encrypted headers. Attackers can exploit this vulnerability remotely with low complexity, requiring only user interaction, to delete arbitrary files on the system. This is assigned CVE-2026-32808 with a CVSS score of 8.1 (High severity), though no active exploitation (KEV) or public proof-of-concept has been reported at this time.
Path traversal in pydicom versions 2.0.0-rc.1 through 3.0.1 allows local attackers to read, copy, or delete arbitrary files outside the File-set root directory by crafting malicious ReferencedFileID values in DICOMDIR files. The vulnerability exists because pydicom fails to validate that resolved file paths remain within the intended File-set root before performing file I/O operations like copy(), write(), and remove(). No patch is currently available for affected versions.
Spring Framework applications using Java scripting engines (JRuby, Jython) for template views in Spring MVC or Spring WebFlux can leak sensitive file contents from outside intended directories through path traversal. Affected versions include 7.0.0-7.0.5, 6.2.0-6.2.16, 6.1.0-6.1.25, and 5.3.0-5.3.46, with no patch currently available. An unauthenticated remote attacker can read arbitrary files on the system with confidentiality impact.
File Thingie version 2.5.7 contains a directory traversal vulnerability in its 'create folder from URL' functionality that allows unauthenticated attackers to read arbitrary files from the target system. An attacker can exploit this path traversal flaw by crafting malicious input to the folder creation feature, bypassing directory restrictions and accessing sensitive files outside the intended application directory. Proof-of-concept code is available in public repositories, and while CVSS and EPSS scores are not published, the vulnerability enables direct unauthorized information disclosure.
A path traversal vulnerability in the component /Controllers/RestController.php of DreamFactory Core (CVSS 7.2) allows attackers... High-severity vulnerability requiring prompt remediation.
Path traversal in SuiteCRM's ModuleBuilder module (versions prior to 7.15.1 and 8.9.3) allows authenticated administrators to read arbitrary files from the server by manipulating the `$modules` and `$name` parameters, which are improperly validated before being used in file operations. An attacker with ModuleBuilder access can exploit this to copy sensitive files from any readable directory into the web root, exposing their contents through the web server.
OpenClaw gateway plugin versions before 2026.2.26 allow remote attackers to bypass authentication by exploiting path traversal in the /api/channels endpoint through encoded dot-segment sequences. Attackers can manipulate these paths to access protected plugin routes that should be restricted, gaining unauthorized access to sensitive channel functionality. No patch is currently available for this medium-severity vulnerability.
OpenClaw versions before 2026.2.24 allow authenticated attackers to bypass path traversal protections by using @-prefixed absolute paths that evade workspace boundary validation, enabling unauthorized file access outside the intended directory scope when workspace-only restrictions are configured. The vulnerability stems from a canonicalization mismatch that fails to properly validate these specially-crafted paths, allowing attackers to read arbitrary files on the system.
OpenClaw versions before 2026.2.19 allow remote file disclosure when iMessage remote attachment fetching is enabled, as the stageSandboxMedia function fails to properly validate attachment paths and accepts arbitrary absolute paths. An attacker with the ability to manipulate attachment metadata can read files accessible to the OpenClaw process on the configured remote host via SCP. No patch is currently available for this vulnerability.
OpenClaw versions prior to 2026.2.26 contain a critical authorization bypass vulnerability where Direct Message (DM) pairing-store identities are incorrectly reused to satisfy group-level sender allowlist authorization checks. An attacker with valid DM pairing credentials can send messages to groups without being explicitly listed in the group's allowFrom access control list, effectively bypassing group message access controls. This vulnerability requires authenticated access (PR:L) but enables high-impact information disclosure (C:H), with a CVSS score of 6.5 reflecting the combination of network accessibility and the authentication requirement.
OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability (CWE-22: Path Traversal) in sandbox media handling that allows attackers with low privileges to read and exfiltrate arbitrary files from the host temporary directory. An authenticated attacker can exploit this by crafting malicious media references delivered through attachment mechanisms, bypassing sandbox isolation to access sensitive files outside the intended sandbox root. No active exploitation in the wild (KEV status unknown), but proof-of-concept code references are available in GitHub commit history.
OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads.
OpenClaw versions before 2026.2.23 allow authenticated users with sandbox access to bypass workspace restrictions through a path traversal flaw in the apply_patch tool, enabling arbitrary file modification on the system. The vulnerability stems from inconsistent validation of mounted paths outside the workspace directory, permitting attackers to write to writable mounts beyond the intended sandbox boundaries. No patch is currently available for this MEDIUM severity issue.
Improper path sanitization in OpenEMR's DICOM export feature prior to version 8.0.0.2 allows authenticated users with DICOM permissions to write arbitrary files outside the intended directory through path traversal sequences. An attacker could exploit this to place malicious PHP files within the web root, potentially achieving remote code execution. The vulnerability requires valid credentials but poses significant risk to systems containing sensitive healthcare data.
Path traversal in Apple and Kubernetes DAG management APIs allows authenticated attackers to access arbitrary files outside the intended directory by injecting URL-encoded forward slashes into file name parameters on GET, DELETE, RENAME, and EXECUTE endpoints. The vulnerability affects systems where a previous patch (CVE-2026-27598) only secured the CREATE endpoint while leaving other API functions unprotected. An attacker with valid credentials can read, modify, or execute unintended DAG files on the affected system.
An authenticated path traversal vulnerability in Langflow's file upload functionality allows attackers to write arbitrary files anywhere on the host system, leading to remote code execution. The vulnerability affects Langflow version 1.7.3 and earlier, where the multipart upload filename bypasses security checks due to missing boundary containment in the LocalStorageService layer. A proof-of-concept exploit is publicly available demonstrating successful arbitrary file write outside the intended user directory.
Arbitrary file deletion in PHP CloneSite plugin allows authenticated attackers to bypass path validation and remove critical files via path traversal in the deleteDump parameter, causing denial of service or facilitating privilege escalation attacks. An attacker with valid clone credentials can leverage unvalidated input passed directly to unlink() to delete arbitrary files including configuration.php and other security-critical application files. No patch is currently available for this vulnerability.
Unauthenticated attackers can stream any private or paid video in PHP, Oracle, and Apple applications through a path traversal vulnerability in the HLS streaming endpoint. The flaw exploits a split-oracle condition where authorization validation and file access use different parsing logic on the videoDirectory parameter, allowing attackers to bypass authentication checks while accessing unauthorized content. No patch is currently available for this high-severity vulnerability.
PyMuPDF versions up to 1.26.5 allow unauthenticated remote attackers to write arbitrary files to the system through path traversal in the embedded get function. This vulnerability enables denial of service attacks and potential system compromise without requiring authentication or user interaction. No patch is currently available.
The ThemeGoods Photography WordPress theme through version 7.7.5 permits authenticated administrators to upload arbitrary files with path traversal capabilities, enabling remote code execution and complete site compromise. While the CVSS score of 7.2 indicates high severity, the requirement for high-privileged admin credentials (PR:H) significantly constrains real-world exploitability. The EPSS score of 0.04% (12th percentile) suggests minimal likelihood of active exploitation, with no public exploit code identified at time of analysis.
A critical path traversal vulnerability exists in the UniFi Network Application that allows unauthenticated remote attackers to access arbitrary files on the underlying system and manipulate them to gain account access. This vulnerability affects Ubiquiti's UniFi Network Application with a maximum CVSS score of 10.0, indicating critical severity with network-based exploitation requiring no user interaction or privileges. The vulnerability was reported through HackerOne, suggesting responsible disclosure, though current exploitation status in the wild is not confirmed.
Nginx's path traversal vulnerability enables unauthenticated remote attackers to bypass proxy routing controls and access unintended backend resources by exploiting improper normalization of encoded path sequences. The flaw allows attackers to reach protected endpoints and administrative interfaces that should be restricted through the proxy's access controls. A patch is available for this high-severity issue with a CVSS score of 7.5.
The `listFiles.json.php` endpoint in AVideo accepts an unsanitized POST parameter `path` and passes it directly to PHP's `glob()` function without restricting traversal to an allowed base directory, enabling authenticated uploaders to enumerate `.mp4` files anywhere on the server filesystem. An attacker with the standard `canUpload` permission can discover private, premium, or access-controlled video files stored outside the intended upload directory by supplying arbitrary absolute paths, revealing both filenames and full filesystem paths that may aid further exploitation. A proof-of-concept is available demonstrating traversal from the web root to arbitrary locations such as `/var/private/premium-content/` and the root filesystem.
NLTK downloader contains a path traversal vulnerability that allows remote attackers to write arbitrary files to any location on the filesystem when a user downloads packages from a malicious server. Attackers controlling a remote XML index server can inject path traversal sequences (../) into package metadata to overwrite critical system files including /etc/passwd or SSH authorized_keys. A working proof-of-concept exploit exists demonstrating arbitrary file creation at /tmp/test_file.zip via malicious server and client script.
An arbitrary file access vulnerability in the test connection function of backend database management in wgcloud (CVSS 7.5). High-severity vulnerability requiring prompt remediation.
A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the...
MLflow, a popular open-source machine learning lifecycle platform, contains a path traversal vulnerability in its pyfunc extraction process that allows arbitrary file writes. The vulnerability stems from unsafe use of tarfile.extractall without proper path validation, enabling attackers to craft malicious tar.gz files with directory traversal sequences or absolute paths to write files outside the intended extraction directory. This poses critical risk in multi-tenant environments and can lead to remote code execution, with a CVSS score of 8.1 and confirmed exploit details available via Huntr.
The Tekton Pipelines git resolver contains a path traversal vulnerability allowing authenticated tenants to read arbitrary files from the resolver pod's filesystem via the pathInRepo parameter. Affected products include github.com/tektoncd/pipeline versions 1.0.0 through 1.10.0 across multiple release branches. The vulnerability enables credential exfiltration and privilege escalation from namespace-scoped access to cluster-wide secret reading capabilities. A proof-of-concept was provided by the vulnerability reporter Oleh Konko.
Docker's IsSensitivePath() function uses an incomplete denylist that fails to restrict access to sensitive directories including /opt, /usr, /home, /mnt, and /media, allowing authenticated users with high privileges to read arbitrary files outside the intended workspace through the globalCopyFiles and importStdMd endpoints. An attacker with administrative credentials could exploit this path traversal vulnerability to access sensitive configuration files and data from other users or mounted volumes. No patch is currently available for this medium-severity issue.
A NULL pointer dereference vulnerability in free5GC v4.0.1's UDM (Unified Data Management) service allows remote attackers to crash the service via a crafted POST request to the /sdm-subscriptions endpoint containing path traversal sequences and a large JSON payload. The DataChangeNotificationProcedure function in notifier.go fails to validate pointers before dereferencing, causing complete service disruption requiring manual restart. All deployments of free5GC v4.0.1 utilizing UDM HTTP callback functionality are affected, and a patch is available via PR free5gc/udm#78.
A path traversal vulnerability (CVSS 10.0). Critical severity with potential for significant impact on affected systems.
Authenticated Control Panel users can read arbitrary JSON, YAML, and CSV files from the server by manipulating the filename parameter in the fieldtype endpoint, resulting in unauthorized information disclosure. The vulnerability requires valid authentication credentials and affects versions prior to 5.73.14 and 6.7.0. No patch is currently available for affected deployments.
Path traversal in Allure report generator for Jenkins allows unauthenticated attackers to read arbitrary files from the host system by crafting malicious test result files with specially crafted attachment paths. The vulnerability stems from insufficient path validation when processing attachments during report generation, enabling sensitive files to be included in generated reports. A patch is not currently available.
Path traversal in ApostropheCMS import-export module allows authenticated users with content modification permissions to write files outside the intended export directory via malicious archive entries containing directory traversal sequences. An attacker with editor-level access can exploit this vulnerability to overwrite arbitrary files on the system with CVSS 9.9 critical severity. No patch is currently available for this vulnerability affecting Node.js environments.
The pkgutil.get_data() function in CPython fails to properly validate the resource argument, enabling path traversal attacks that allow unauthorized information disclosure. This vulnerability affects CPython across multiple versions and could permit attackers to read arbitrary files from the system where Python code is executing. A patch is available from the Python Software Foundation, and the vulnerability has been documented with proof-of-concept references in the official CPython repository.
OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation bypass vulnerability that allows local attackers with low privileges to circumvent allowed-root and blocked-path security checks through symlinked parent directories combined with non-existent leaf paths. An attacker can craft bind source paths that appear to reside within permitted sandbox roots but resolve outside sandbox boundaries once missing path components are created, effectively weakening the sandbox's bind-source isolation enforcement. A patch is available from the vendor, and exploitation requires local access with standard user privileges, making this a practical threat in multi-tenant or shared-system environments.
OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability that allows authenticated attackers to read arbitrary files from the host system through the sendAttachment and setGroupIcon message actions when sandboxRoot configuration is unset. An attacker with valid credentials can exploit path traversal to hydrate media from absolute file paths, gaining unauthorized access to sensitive files accessible by the OpenClaw runtime user. A patch is available from the vendor, and this vulnerability has been tracked in the ENISA EUVD database (EUVD-2026-12732) with confirmed GitHub security advisory and commit-level patch information.
OpenClaw contains a path traversal vulnerability in the Feishu media download functionality where untrusted media key values are directly interpolated into temporary file paths without sanitization. OpenClaw versions prior to 2026.2.19 are affected, allowing remote unauthenticated attackers to write arbitrary files within the process permissions by using directory traversal sequences in media keys. No public evidence of active exploitation (KEV) or public proof-of-concept exists at this time, though the high CVSS score of 8.2 reflects the network-accessible attack vector and lack of authentication requirements.
Unauthenticated attackers can read arbitrary files on systems running Ray versions before 2.8.1 by exploiting a path traversal flaw in the Dashboard's static file handler on port 8265. The vulnerability stems from insufficient input validation that allows directory traversal sequences to bypass access controls, and public exploit code is available. No patch has been released, leaving affected Ray deployments vulnerable to local information disclosure.
Privilege escalation in Wazuh Manager versions 3.9.0 through 4.14.2 allows authenticated cluster nodes to achieve unauthenticated root code execution by exploiting insecure file permissions in the cluster synchronization protocol. An attacker with cluster node access can overwrite the manager's configuration file to inject malicious commands that are subsequently executed with root privileges by the logcollector service. This vulnerability affects multi-node Wazuh deployments and has no available patch.
Agent Zero 0.9.7-10's get_abs_path function in python/helpers/files.py is vulnerable to path traversal, allowing authenticated remote attackers to access files outside intended directories with limited confidentiality impact. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor.
A vulnerability was identified in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433.
The DTrace dtprobed component contains a path traversal vulnerability (CWE-22) that allows local attackers with limited privileges to create arbitrary files on the system by supplying crafted USDT provider names. This vulnerability affects Oracle Linux 8, 9, and 10, and while it carries a CVSS score of 5.5, the EPSS score of 0.01% (percentile 2%) indicates very low exploitation probability in the wild, with no evidence of active exploitation or public proof-of-concept code.
Path traversal in the webserver's archive extraction function allows unauthenticated remote attackers to write files outside the intended directory by crafting malicious tar archives, due to incomplete path validation in the sanitizeArchivePath function. The vulnerability affects the download command's decompression functionality and could enable arbitrary file placement on the system. A patch is available.
ZwickRoell Test Data Management versions prior to 3.0.8 contain a local file inclusion (LFI) vulnerability in the /server/node_upgrade_srv.js endpoint.
Path traversal in the `extractor` CLI tool and `extract.DumpOTelCollector` library function allows attackers to write files outside the intended extraction directory by exploiting an incomplete path validation check in the `sanitizeArchivePath` function. A maliciously crafted tar archive can bypass the prefix check and place arbitrary files on the system when processed. A patch is available to address the missing trailing path separator validation.
Path traversal in the resourcePatchHandler allows authenticated users with Create or Rename permissions to bypass access control rules by injecting path traversal sequences (`..\`) into PATCH requests, since validation occurs before path normalization. An attacker can exploit this to copy or rename files to restricted directories that should be protected by administrator-configured deny rules. No patch is currently available.
SiYuan Note contains an unrestricted path traversal vulnerability in the POST /api/import/importStdMd endpoint that allows authenticated administrators to recursively import arbitrary files from the host filesystem into the workspace database without any validation or blocklisting. Affected versions of SiYuan (pkg:go/github.com_siyuan-note_siyuan) allow admin users to permanently store sensitive files such as /proc/, /etc/, /run/secrets/, and other system directories as searchable note content, making them accessible to other workspace users including those with limited privileges. A proof-of-concept has been published demonstrating import of /proc/1/ and /run/secrets/, and when chained with separate SQL injection vulnerabilities in the renderSprig template function, non-admin users can retrieve imported secrets without additional privileges.
Path traversal in Python and Docker import endpoints allows authenticated administrators to write files to arbitrary filesystem locations by injecting directory traversal sequences in multipart upload filenames, potentially enabling remote code execution through placement of malicious files in executable paths. The vulnerability affects the POST /api/import/importSY and POST /api/import/importZipMd endpoints which fail to sanitize user-supplied filenames before constructing file write paths. No patch is currently available.
Administrative users of Docker and PostgreSQL deployments can exploit an incomplete path validation in the `POST /api/file/globalCopyFiles` endpoint to copy sensitive files like container environment variables and Docker secrets from restricted locations (`/proc/`, `/run/secrets/`) into the workspace, where they become readable via standard file APIs. The vulnerability stems from reliance on a blocklist-based validation mechanism that fails to prevent access to these critical system paths. Since no patch is currently available, organizations should restrict administrative access to the affected API endpoint until an update is released.
Doom Launcher 3.8.1.0 is vulnerable to directory traversal due to missing file path validation during the extraction of game files.
Path traversal in Craft CMS AssetsController allows authenticated users with replaceFiles permission to delete arbitrary files on local filesystems by injecting directory traversal sequences into the targetFilename parameter, potentially affecting files across multiple volumes sharing the same filesystem root. The vulnerability exists because user input is processed by deleteFile() before proper sanitization is applied. Users should upgrade to Craft 4.17.5 or 5.9.11 to resolve this issue.
Path traversal in ThingsGateway 12's /api/file/download endpoint allows authenticated users to read arbitrary files through manipulation of the fileName parameter. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.
A path traversal vulnerability exists in SSCMS versions up to 7.4.0 within the PathUtils.RemoveParentPath function of the plugin download API endpoint (/api/admin/plugins/install/actions/download). An authenticated administrator with high privileges can manipulate the path argument to traverse the file system and access or modify files outside the intended directory, potentially leading to information disclosure or system compromise. The vulnerability has public proof-of-concept code available, though the CVSS score of 3.8 is relatively low due to the requirement for authenticated administrative access, making this a lower-priority but still exploitable issue in environments where admin credentials may be compromised.
A path traversal vulnerability in Smart Switch (CVSS 7.1) that is exploitable by adjacent attackers. This is a high-severity vulnerability requiring prompt remediation.
Galaxy Store versions prior to 4.6.03.8 contain a path traversal vulnerability that enables local attackers to create files with Galaxy Store privileges. This could allow an attacker with local access to escalate their capabilities by writing malicious files in unintended locations. No patch is currently available for this issue.
Galaxy Store versions prior to 4.6.03.8 contain an access control flaw that enables local attackers to create files with elevated Galaxy Store privileges. This vulnerability affects local users on affected devices and could allow privilege escalation or persistence mechanisms. No patch is currently available.
Privilege escalation vulnerability in ZKTeco ZKAccess Professional 3.5.3 (Build 0005) where authenticated users can modify executable files due to insecure permissions, allowing them to replace binaries with malicious code and gain elevated privileges. Multiple public exploits are available (exploit-db, PacketStorm) making this a high-risk vulnerability for organizations using this access control software, despite no current KEV listing or EPSS data.
AnythingLLM versions 1.11.1 and earlier contain a Zip Slip path traversal vulnerability in the community plugin import functionality that fails to validate file paths during ZIP extraction. An authenticated attacker with high privileges can craft a malicious ZIP file containing path traversal sequences that, when imported via the community hub, extract files outside the intended directory and achieve arbitrary code execution on the server. While the CVSS score is moderate (4.2) due to high privilege requirements and user interaction, the vulnerability enables code execution and should be addressed promptly.
An unauthenticated path traversal vulnerability in PX4 Autopilot's MAVLink FTP implementation (CWE-22) allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on flight controller filesystems without authentication or privilege requirements. Affected versions are prior to 1.17.0-rc2, impacting both NuttX-based flight controllers and POSIX targets (Linux companion computers and SITL simulation environments). Attackers with network access to MAVLink communication channels can exploit this vulnerability to compromise flight controller integrity, extract sensitive configuration data, or inject malicious firmware.
IceWarp collaboration platform contains an unauthenticated directory traversal vulnerability that allows remote attackers to read sensitive files from the server. The flaw exists in HTTP request handling, enabling access to configuration files, user data, and potentially email contents stored on the server.
Critical authentication bypass vulnerability in Unraid's auth-request.php file that allows remote attackers to gain unauthorized access without credentials through path traversal exploitation. The vulnerability affects all versions of Unraid (CPE indicates no version restrictions) and can be exploited over the network with low complexity, potentially compromising system confidentiality, integrity, and availability. No KEV listing or EPSS data was provided, suggesting this may be a recently disclosed vulnerability without known active exploitation.
Blinko versions 1.8.3 and earlier allow authenticated users to write arbitrary files to the filesystem through an unvalidated fileName parameter, exploiting a path traversal weakness. The vulnerability requires only basic user authentication and can be leveraged to place malicious files anywhere on the server, potentially leading to remote code execution or system compromise. No patch is currently available.
Blinko versions 1.8.3 and earlier contain a path traversal vulnerability in the plugin file server endpoint that fails to validate whether requested file paths remain within the plugins directory, enabling unauthenticated remote attackers to read arbitrary files. The vulnerability has a CVSS score of 5.3 and currently lacks a publicly available patch.
Blinko, an AI-powered card note-taking application, contains a path traversal vulnerability in its file server endpoint that fails to validate permissions on the temp/ directory and does not filter path traversal sequences (CWE-22). Attackers can exploit this to read arbitrary files on the server, and when scheduled backup tasks are enabled, can access backup files containing all user notes and authentication tokens. The vulnerability affects all versions prior to 1.8.4 and has been patched in the released version 1.8.4.
WWBN AVideo, an open source video platform, contains a critical path traversal vulnerability in the pluginRunDatabaseScript.json.php endpoint that allows authenticated administrators to execute arbitrary SQL queries against the application database. Versions up to and including 26.0 are affected. The vulnerability can also be exploited via CSRF attacks against authenticated admin sessions, enabling unauthenticated attackers to achieve remote code execution or complete database compromise.
WWBN AVideo versions up to and including 26.0 contain an unauthenticated path traversal vulnerability in the locale API endpoint that allows arbitrary PHP file inclusion under the web root. Attackers can achieve confirmed file disclosure and code execution by including existing PHP files, with potential escalation to full remote code execution if they can upload or control PHP files elsewhere in the application tree. The vulnerability has a CVSS score of 8.6 and requires no authentication or user interaction to exploit, though no patch is currently available and there is no evidence of active exploitation in KEV data.
SSCMS 4.7.0's layerImage endpoint allows authenticated attackers to manipulate the filePaths parameter in LayerImageController.Submit.cs, enabling path traversal attacks that can modify or delete arbitrary files on the server. Public exploit code exists for this vulnerability, and no patch is currently available.
The Simple Food Ordering System through version 1.0 allows unauthenticated remote attackers to access sensitive database files through improper access controls in the Database Backup Handler component. Public exploit code exists for this vulnerability, which could enable attackers to retrieve database backups containing sensitive information. Configuration changes are recommended as no patch is currently available.
The JetFormBuilder plugin for WordPress contains a critical path traversal vulnerability allowing unauthenticated attackers to read arbitrary files from the server. All versions up to and including 3.5.6.2 are affected. Attackers can exploit this to exfiltrate sensitive local files as email attachments by submitting crafted form requests with malicious Media Field payloads, with a CVSS score of 7.5 indicating high confidentiality impact.
The Invelity Product Feeds plugin for WordPress contains an arbitrary file deletion vulnerability through path traversal in versions up to and including 1.2.6. Authenticated administrators can be socially engineered into clicking malicious links that delete arbitrary server files due to missing validation in the createManageFeedPage function. No evidence of active exploitation (not in KEV) exists, though the vulnerability is publicly documented with technical details available via WordPress plugin repository references.
OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace directory by exploiting improper symlink resolution in path validation checks. An attacker with workspace access can leverage in-workspace symlinks pointing to external targets to bypass boundary restrictions on the first write operation. Public exploit code exists for this vulnerability, and a patch is available.
The EmailKit - Email Customizer for WooCommerce & WP WordPress plugin contains a path traversal vulnerability in the TemplateData class that allows authenticated administrators to read arbitrary files from the server via the 'emailkit-editor-template' REST API parameter. An attacker with Administrator privileges can exploit this flaw to access sensitive files such as wp-config.php or /etc/passwd by supplying directory traversal sequences, with the retrieved file contents stored as post metadata and retrievable through the fetch-data REST API endpoint. The vulnerability affects all versions up to and including 1.6.3, and while it requires high-level administrative access and has a moderate CVSS score of 4.9, it represents a critical information disclosure risk in multi-user WordPress environments.
The Keep Backup Daily WordPress plugin versions up to 2.1.1 contain a limited path traversal vulnerability in the `kbd_open_upload_dir` AJAX action that allows authenticated administrators to enumerate arbitrary directories on the server. An attacker with Administrator-level access can exploit insufficient sanitization of the `kbd_path` parameter (using only `sanitize_text_field()` which does not prevent path traversal sequences) to list directory contents outside the intended uploads directory. While the CVSS score of 2.7 is low and exploitation requires high-privilege Administrator access, the vulnerability represents a real information disclosure risk in multi-user WordPress environments or where administrator accounts are compromised.
Halloy, a Rust-based IRC application, contains a path traversal vulnerability in its DCC (Direct Client-to-Client) receive functionality that fails to sanitize filenames from incoming DCC SEND requests prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6. Remote IRC users can exploit this vulnerability to write files outside the configured save directory using path traversal sequences like ../../.ssh/authorized_keys, potentially allowing arbitrary file placement on the victim's system with zero user interaction if auto-accept is enabled. The vulnerability has been patched and is tracked under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory).
The Kubernetes NFS CSI Driver fails to properly validate the subDir parameter in volume identifiers, allowing privileged users to inject path traversal sequences that bypass intended directory restrictions. Attackers with PersistentVolume creation privileges can craft malicious volume identifiers to access and modify arbitrary directories on the NFS server during cleanup operations. No patch is currently available for this medium-severity vulnerability affecting Kubernetes environments.
The Feast Feature Server contains a path traversal vulnerability in its `/read-document` endpoint that allows unauthenticated remote attackers to read arbitrary files accessible to the server process, including sensitive system files, application configurations, and credentials. Red Hat OpenShift AI (RHOAI) deployments are confirmed affected across multiple versions. The vulnerability is rated 7.5 (High) with network-based exploitation requiring no authentication or user interaction, though no active exploitation (KEV) or public proof-of-concept is currently documented.
A Cross-Site Request Forgery (CSRF) vulnerability in the AVideo platform's plugin upload endpoint allows unauthenticated attackers to achieve Remote Code Execution by tricking authenticated administrators into visiting a malicious webpage. The vulnerability combines missing CSRF token validation on the pluginImport.json.php endpoint with explicitly configured SameSite=None session cookies over HTTPS, enabling cross-origin session hijacking. A proof-of-concept exploit has been published demonstrating full compromise by uploading a malicious plugin containing a PHP webshell.
Path traversal in Langflow's /profile_pictures endpoint allows unauthenticated remote attackers to read the application's secret_key through directory traversal in the folder_name parameter. Since the secret_key is used for JWT authentication, attackers can forge valid tokens to gain unauthorized system access. Public exploit code exists for this vulnerability and no patch is currently available.
Ory Oathkeeper, an identity and access proxy, contains an authorization bypass vulnerability via HTTP path traversal that allows attackers to access protected resources without authentication. The vulnerability affects Ory Oathkeeper installations where the software uses un-normalized paths for rule matching, enabling requests like '/public/../admin/secrets' to bypass authentication requirements. With a CVSS score of 10.0 (Critical) and network-based exploitation requiring no privileges or user interaction, this represents a severe authentication bypass, though no current EPSS score or KEV listing indicates limited evidence of active exploitation at this time.
The AVideo platform contains a path traversal vulnerability in the objects/import.json.php endpoint that allows authenticated users with upload permissions to bypass directory restrictions and access any MP4 file on the filesystem. Attackers can steal private videos from other users, read adjacent text/HTML files containing video metadata, and delete video files if writable by the web server. A detailed proof-of-concept is publicly available in the GitHub security advisory, and the vulnerability affects all instances where authenticated users have upload permissions, which is the default configuration.
An unauthenticated directory traversal vulnerability exists in Siyuan kernel's /appearance/ endpoint, allowing remote attackers to read arbitrary files accessible to the server process without authentication. The vulnerability affects the Go-based Siyuan note-taking application (github.com/siyuan-note/siyuan/kernel) and has been assigned a CVSS score of 7.5 (High). A working proof-of-concept exploit is publicly available demonstrating successful file retrieval via crafted URLs containing path traversal sequences, and a patch has been released by the vendor.
Cryptomator versions 1.6.0 through 1.19.0 contain a path traversal vulnerability in vault configuration parsing where the masterkeyfile loader resolves an unverified keyId parameter as a filesystem path before integrity checks are performed. An attacker with the ability to supply a malicious vault configuration can exploit this to trigger arbitrary file existence checks, including UNC paths on Windows that can initiate outbound SMB connections before the user even enters a passphrase, potentially leading to information disclosure about local file structure and network exposure. The vulnerability has been patched in version 1.19.1, and while no active KEV exploitation has been reported, the low attack complexity and the ability to chain this with social engineering (malicious vault sharing) make it a moderate practical risk.
Stirling-PDF, a locally hosted web application for PDF operations, contains a path traversal vulnerability in the /api/v1/convert/markdown/pdf endpoint that allows authenticated users to write arbitrary files outside the intended directory. Versions prior to 2.5.2 are affected, enabling attackers to overwrite writable files with the privileges of the stirlingpdfuser process account, compromising data integrity and potentially availability. The vulnerability has been patched in version 2.5.2, and while CVSS rates it 8.1 (High), authentication is required which reduces immediate risk.
A Path Traversal vulnerability exists in the ilGhera Carta Docente for WooCommerce plugin for WordPress (versions up to and including 1.5.0) that allows authenticated administrators to delete arbitrary files on the server through insufficient validation of the 'cert' parameter in the 'wccd-delete-certificate' AJAX action. An attacker with administrator privileges can exploit this to delete critical files such as wp-config.php, leading to site takeover and potential remote code execution. The vulnerability has been documented by Wordfence security researchers and affects all versions from release through 1.5.0, with a patch available in version 1.5.1 and later.
SiYuan personal knowledge management system versions 3.6.0 and below contain a path traversal vulnerability that allows authenticated attackers to exfiltrate arbitrary readable files from the system. An attacker with low-level privileges can exploit the /api/lute/html2BlockDOM endpoint to copy sensitive files to the workspace assets directory via malicious file:// links in pasted HTML, then retrieve them through the authenticated GET /assets/ endpoint. This is a critical vulnerability with a CVSS score of 9.9 due to its potential for high confidentiality impact and scope change, though no active exploitation (KEV) or public proof-of-concept has been documented.
pyLoad, a free and open-source download manager written in Python, contains a path traversal vulnerability in versions before 0.5.0b3.dev97 that allows arbitrary file deletion outside the extraction directory during password verification of encrypted 7z archives with non-encrypted headers. Attackers can exploit this vulnerability remotely with low complexity, requiring only user interaction, to delete arbitrary files on the system. This is assigned CVE-2026-32808 with a CVSS score of 8.1 (High severity), though no active exploitation (KEV) or public proof-of-concept has been reported at this time.
Path traversal in pydicom versions 2.0.0-rc.1 through 3.0.1 allows local attackers to read, copy, or delete arbitrary files outside the File-set root directory by crafting malicious ReferencedFileID values in DICOMDIR files. The vulnerability exists because pydicom fails to validate that resolved file paths remain within the intended File-set root before performing file I/O operations like copy(), write(), and remove(). No patch is currently available for affected versions.
Spring Framework applications using Java scripting engines (JRuby, Jython) for template views in Spring MVC or Spring WebFlux can leak sensitive file contents from outside intended directories through path traversal. Affected versions include 7.0.0-7.0.5, 6.2.0-6.2.16, 6.1.0-6.1.25, and 5.3.0-5.3.46, with no patch currently available. An unauthenticated remote attacker can read arbitrary files on the system with confidentiality impact.
File Thingie version 2.5.7 contains a directory traversal vulnerability in its 'create folder from URL' functionality that allows unauthenticated attackers to read arbitrary files from the target system. An attacker can exploit this path traversal flaw by crafting malicious input to the folder creation feature, bypassing directory restrictions and accessing sensitive files outside the intended application directory. Proof-of-concept code is available in public repositories, and while CVSS and EPSS scores are not published, the vulnerability enables direct unauthorized information disclosure.
A path traversal vulnerability in the /Controllers/RestController.php component of DreamFactory Core (CVSS 7.2) that is exploitable by attackers. This is a high-severity vulnerability requiring prompt remediation.
Path traversal in SuiteCRM's ModuleBuilder module (versions prior to 7.15.1 and 8.9.3) allows authenticated administrators to read arbitrary files from the server by manipulating the `$modules` and `$name` parameters, which are improperly validated before being used in file operations. An attacker with ModuleBuilder access can exploit this to copy sensitive files from any readable directory into the web root, exposing their contents through the web server.
OpenClaw gateway plugin versions before 2026.2.26 allow remote attackers to bypass authentication by exploiting path traversal in the /api/channels endpoint through encoded dot-segment sequences. Attackers can manipulate these paths to access protected plugin routes that should be restricted, gaining unauthorized access to sensitive channel functionality. No patch is currently available for this medium-severity vulnerability.
OpenClaw versions before 2026.2.24 allow authenticated attackers to bypass path traversal protections by using @-prefixed absolute paths that evade workspace boundary validation, enabling unauthorized file access outside the intended directory scope when workspace-only restrictions are configured. The vulnerability stems from a canonicalization mismatch that fails to properly validate these specially-crafted paths, allowing attackers to read arbitrary files on the system.
OpenClaw versions before 2026.2.19 allow remote file disclosure when iMessage remote attachment fetching is enabled, as the stageSandboxMedia function fails to properly validate attachment paths and accepts arbitrary absolute paths. An attacker with the ability to manipulate attachment metadata can read files accessible to the OpenClaw process on the configured remote host via SCP. No patch is currently available for this vulnerability.
OpenClaw versions prior to 2026.2.26 contain a critical authorization bypass vulnerability where Direct Message (DM) pairing-store identities are incorrectly reused to satisfy group-level sender allowlist authorization checks. An attacker with valid DM pairing credentials can send messages to groups without being explicitly listed in the group's allowFrom access control list, effectively bypassing group message access controls. This vulnerability requires authenticated access (PR:L) but enables high-impact information disclosure (C:H), with a CVSS score of 6.5 reflecting the combination of network accessibility and authentication requirement.
OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability (CWE-22: Path Traversal) in sandbox media handling that allows attackers with low privileges to read and exfiltrate arbitrary files from the host temporary directory. An authenticated attacker can exploit this by crafting malicious media references delivered through attachment mechanisms, bypassing sandbox isolation to access sensitive files outside the intended sandbox root. No active exploitation in the wild (KEV status unknown), but proof-of-concept code references are available in GitHub commit history.
OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads.
OpenClaw versions before 2026.2.23 allow authenticated users with sandbox access to bypass workspace restrictions through a path traversal flaw in the apply_patch tool, enabling arbitrary file modification on the system. The vulnerability stems from inconsistent validation of mounted paths outside the workspace directory, permitting attackers to write to writable mounts beyond the intended sandbox boundaries. No patch is currently available for this MEDIUM severity issue.
Improper path sanitization in OpenEMR's DICOM export feature prior to version 8.0.0.2 allows authenticated users with DICOM permissions to write arbitrary files outside the intended directory through path traversal sequences. An attacker could exploit this to place malicious PHP files within the web root, potentially achieving remote code execution. The vulnerability requires valid credentials but poses significant risk to systems containing sensitive healthcare data.
Path traversal in Apple and Kubernetes DAG management APIs allows authenticated attackers to access arbitrary files outside the intended directory by injecting URL-encoded forward slashes into file name parameters on GET, DELETE, RENAME, and EXECUTE endpoints. The vulnerability affects systems where a previous patch (CVE-2026-27598) only secured the CREATE endpoint while leaving other API functions unprotected. An attacker with valid credentials can read, modify, or execute unintended DAG files on the affected system.
An authenticated path traversal vulnerability in Langflow's file upload functionality allows attackers to write arbitrary files anywhere on the host system, leading to remote code execution. The vulnerability affects Langflow version 1.7.3 and earlier, where the multipart upload filename bypasses security checks due to missing boundary containment in the LocalStorageService layer. A proof-of-concept exploit is publicly available demonstrating successful arbitrary file write outside the intended user directory.
Arbitrary file deletion in PHP CloneSite plugin allows authenticated attackers to bypass path validation and remove critical files via path traversal in the deleteDump parameter, causing denial of service or facilitating privilege escalation attacks. An attacker with valid clone credentials can leverage unvalidated input passed directly to unlink() to delete arbitrary files including configuration.php and other security-critical application files. No patch is currently available for this vulnerability.
Unauthenticated attackers can stream any private or paid video in PHP, Oracle, and Apple applications through a path traversal vulnerability in the HLS streaming endpoint. The flaw exploits a split-oracle condition where authorization validation and file access use different parsing logic on the videoDirectory parameter, allowing attackers to bypass authentication checks while accessing unauthorized content. No patch is currently available for this high-severity vulnerability.
PyMuPDF versions up to 1.26.5 allow unauthenticated remote attackers to write arbitrary files to the system through path traversal in the embedded get function. This vulnerability enables denial of service attacks and potential system compromise without requiring authentication or user interaction. No patch is currently available.
The ThemeGoods Photography WordPress theme through version 7.7.5 permits authenticated administrators to upload arbitrary files with path traversal capabilities, enabling remote code execution and complete site compromise. While the CVSS score of 7.2 indicates high severity, the requirement for high-privileged admin credentials (PR:H) significantly constrains real-world exploitability. The EPSS score of 0.04% (12th percentile) suggests minimal likelihood of active exploitation, with no public exploit code identified at time of analysis.
A critical path traversal vulnerability exists in the UniFi Network Application that allows unauthenticated remote attackers to access arbitrary files on the underlying system and manipulate them to gain account access. This vulnerability affects Ubiquiti's UniFi Network Application with a maximum CVSS score of 10.0, indicating critical severity with network-based exploitation requiring no user interaction or privileges. The vulnerability was reported through HackerOne, suggesting responsible disclosure, though current exploitation status in the wild is not confirmed.
Nginx's path traversal vulnerability enables unauthenticated remote attackers to bypass proxy routing controls and access unintended backend resources by exploiting improper normalization of encoded path sequences. The flaw allows attackers to reach protected endpoints and administrative interfaces that should be restricted through the proxy's access controls. A patch is available for this high-severity issue with a CVSS score of 7.5.
The `listFiles.json.php` endpoint in AVideo accepts an unsanitized POST parameter `path` and passes it directly to PHP's `glob()` function without restricting traversal to an allowed base directory, enabling authenticated uploaders to enumerate `.mp4` files anywhere on the server filesystem. An attacker with the standard `canUpload` permission can discover private, premium, or access-controlled video files stored outside the intended upload directory by supplying arbitrary absolute paths, revealing both filenames and full filesystem paths that may aid further exploitation. A proof-of-concept is available demonstrating traversal from the web root to arbitrary locations such as `/var/private/premium-content/` and the root filesystem.
NLTK downloader contains a path traversal vulnerability that allows remote attackers to write arbitrary files to any location on the filesystem when a user downloads packages from a malicious server. Attackers controlling a remote XML index server can inject path traversal sequences (../) into package metadata to overwrite critical system files including /etc/passwd or SSH authorized_keys. A working proof-of-concept exploit exists demonstrating arbitrary file creation at /tmp/test_file.zip via malicious server and client script.
An arbitrary file access vulnerability in the test connection function of backend database management in wgcloud (CVSS 7.5). High severity vulnerability requiring prompt remediation.
A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the...
MLflow, a popular open-source machine learning lifecycle platform, contains a path traversal vulnerability in its pyfunc extraction process that allows arbitrary file writes. The vulnerability stems from unsafe use of tarfile.extractall without proper path validation, enabling attackers to craft malicious tar.gz files with directory traversal sequences or absolute paths to write files outside the intended extraction directory. This poses critical risk in multi-tenant environments and can lead to remote code execution, with a CVSS score of 8.1 and confirmed exploit details available via Huntr.
The Tekton Pipelines git resolver contains a path traversal vulnerability allowing authenticated tenants to read arbitrary files from the resolver pod's filesystem via the pathInRepo parameter. Affected products include github.com/tektoncd/pipeline versions 1.0.0 through 1.10.0 across multiple release branches. The vulnerability enables credential exfiltration and privilege escalation from namespace-scoped access to cluster-wide secret reading capabilities. A proof-of-concept was provided by the vulnerability reporter Oleh Konko.
Docker's IsSensitivePath() function uses an incomplete denylist that fails to restrict access to sensitive directories including /opt, /usr, /home, /mnt, and /media, allowing authenticated users with high privileges to read arbitrary files outside the intended workspace through the globalCopyFiles and importStdMd endpoints. An attacker with administrative credentials could exploit this path traversal vulnerability to access sensitive configuration files and data from other users or mounted volumes. No patch is currently available for this medium-severity issue.
A NULL pointer dereference vulnerability in free5GC v4.0.1's UDM (Unified Data Management) service allows remote attackers to crash the service via a crafted POST request to the /sdm-subscriptions endpoint containing path traversal sequences and a large JSON payload. The DataChangeNotificationProcedure function in notifier.go fails to validate pointers before dereferencing, causing complete service disruption requiring manual restart. All deployments of free5GC v4.0.1 utilizing UDM HTTP callback functionality are affected, and a patch is available via PR free5gc/udm#78.
A path traversal vulnerability (CVSS 10.0). Critical severity with potential for significant impact on affected systems.
Authenticated Control Panel users can read arbitrary JSON, YAML, and CSV files from the server by manipulating the filename parameter in the fieldtype endpoint, resulting in unauthorized information disclosure. The vulnerability requires valid authentication credentials and affects versions prior to 5.73.14 and 6.7.0. No patch is currently available for affected deployments.
Path traversal in Allure report generator for Jenkins allows unauthenticated attackers to read arbitrary files from the host system by crafting malicious test result files with specially crafted attachment paths. The vulnerability stems from insufficient path validation when processing attachments during report generation, enabling sensitive files to be included in generated reports. A patch is not currently available.
Path traversal in ApostropheCMS import-export module allows authenticated users with content modification permissions to write files outside the intended export directory via malicious archive entries containing directory traversal sequences. An attacker with editor-level access can exploit this vulnerability to overwrite arbitrary files on the system with CVSS 9.9 critical severity. No patch is currently available for this vulnerability affecting Node.js environments.
The pkgutil.get_data() function in CPython fails to properly validate the resource argument, enabling path traversal attacks that allow unauthorized information disclosure. This vulnerability affects CPython across multiple versions and could permit attackers to read arbitrary files from the system where Python code is executing. A patch is available from the Python Software Foundation, and the vulnerability has been documented with proof-of-concept references in the official CPython repository.
OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation bypass vulnerability that allows local attackers with low privileges to circumvent allowed-root and blocked-path security checks through symlinked parent directories combined with non-existent leaf paths. An attacker can craft bind source paths that appear to reside within permitted sandbox roots but resolve outside sandbox boundaries once missing path components are created, effectively weakening the sandbox's bind-source isolation enforcement. A patch is available from the vendor, and exploitation requires local access with standard user privileges, making this a practical threat in multi-tenant or shared-system environments.
OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability that allows authenticated attackers to read arbitrary files from the host system through the sendAttachment and setGroupIcon message actions when sandboxRoot configuration is unset. An attacker with valid credentials can exploit path traversal to hydrate media from absolute file paths, gaining unauthorized access to sensitive files accessible by the OpenClaw runtime user. A patch is available from the vendor, and this vulnerability has been tracked in the ENISA EUVD database (EUVD-2026-12732) with confirmed GitHub security advisory and commit-level patch information.
OpenClaw contains a path traversal vulnerability in the Feishu media download functionality where untrusted media key values are directly interpolated into temporary file paths without sanitization. OpenClaw versions prior to 2026.2.19 are affected, allowing remote unauthenticated attackers to write arbitrary files within the process permissions by using directory traversal sequences in media keys. No public evidence of active exploitation (KEV) or public proof-of-concept exists at this time, though the high CVSS score of 8.2 reflects the network-accessible attack vector and lack of authentication requirements.
Unauthenticated attackers can read arbitrary files on systems running Ray versions before 2.8.1 by exploiting a path traversal flaw in the Dashboard's static file handler on port 8265. The vulnerability stems from insufficient input validation that allows directory traversal sequences to bypass access controls, and public exploit code is available. No patch has been released, leaving affected Ray deployments vulnerable to local information disclosure.
Privilege escalation in Wazuh Manager versions 3.9.0 through 4.14.2 allows authenticated cluster nodes to achieve unauthenticated root code execution by exploiting insecure file permissions in the cluster synchronization protocol. An attacker with cluster node access can overwrite the manager's configuration file to inject malicious commands that are subsequently executed with root privileges by the logcollector service. This vulnerability affects multi-node Wazuh deployments and has no available patch.
Agent Zero 0.9.7-10's get_abs_path function in python/helpers/files.py is vulnerable to path traversal, allowing authenticated remote attackers to access files outside intended directories with limited confidentiality impact. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor.
A vulnerability was identified in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433.
The DTrace dtprobed component contains a path traversal vulnerability (CWE-22) that allows local attackers with limited privileges to create arbitrary files on the system by supplying crafted USDT provider names. This vulnerability affects Oracle Linux 8, 9, and 10, and while it carries a CVSS score of 5.5, the EPSS score of 0.01% (percentile 2%) indicates very low exploitation probability in the wild, with no evidence of active exploitation or public proof-of-concept code.
Path traversal in the webserver's archive extraction function allows unauthenticated remote attackers to write files outside the intended directory by crafting malicious tar archives, due to incomplete path validation in the sanitizeArchivePath function. The vulnerability affects the download command's decompression functionality and could enable arbitrary file placement on the system. A patch is available.
ZwickRoell Test Data Management versions prior to 3.0.8 contain a local file inclusion (LFI) vulnerability in the /server/node_upgrade_srv.js endpoint.
Path traversal in the `extractor` CLI tool and `extract.DumpOTelCollector` library function allows attackers to write files outside the intended extraction directory by exploiting an incomplete path validation check in the `sanitizeArchivePath` function. A maliciously crafted tar archive can bypass the prefix check and place arbitrary files on the system when processed. A patch is available to address the missing trailing path separator validation.
Path traversal in the resourcePatchHandler allows authenticated users with Create or Rename permissions to bypass access control rules by injecting path traversal sequences (`..\`) into PATCH requests, since validation occurs before path normalization. An attacker can exploit this to copy or rename files to restricted directories that should be protected by administrator-configured deny rules. No patch is currently available.
SiYuan Note contains an unrestricted path traversal vulnerability in the POST /api/import/importStdMd endpoint that allows authenticated administrators to recursively import arbitrary files from the host filesystem into the workspace database without any validation or blocklisting. Affected versions of SiYuan (pkg:go/github.com_siyuan-note_siyuan) allow admin users to permanently store sensitive files such as /proc/, /etc/, /run/secrets/, and other system directories as searchable note content, making them accessible to other workspace users including those with limited privileges. A proof-of-concept has been published demonstrating import of /proc/1/ and /run/secrets/, and when chained with separate SQL injection vulnerabilities in the renderSprig template function, non-admin users can retrieve imported secrets without additional privileges.
Path traversal in Python and Docker import endpoints allows authenticated administrators to write files to arbitrary filesystem locations by injecting directory traversal sequences in multipart upload filenames, potentially enabling remote code execution through placement of malicious files in executable paths. The vulnerability affects the POST /api/import/importSY and POST /api/import/importZipMd endpoints which fail to sanitize user-supplied filenames before constructing file write paths. No patch is currently available.
Administrative users of Docker and PostgreSQL deployments can exploit an incomplete path validation in the `POST /api/file/globalCopyFiles` endpoint to copy sensitive files like container environment variables and Docker secrets from restricted locations (`/proc/`, `/run/secrets/`) into the workspace, where they become readable via standard file APIs. The vulnerability stems from reliance on a blocklist-based validation mechanism that fails to prevent access to these critical system paths. Since no patch is currently available, organizations should restrict administrative access to the affected API endpoint until an update is released.
Doom Launcher 3.8.1.0 is vulnerable to Directory Traversal due to missing file path validation during the extraction of game files.
Path traversal in Craft CMS AssetsController allows authenticated users with replaceFiles permission to delete arbitrary files on local filesystems by injecting directory traversal sequences into the targetFilename parameter, potentially affecting files across multiple volumes sharing the same filesystem root. The vulnerability exists because user input is processed by deleteFile() before proper sanitization is applied. Users should upgrade to Craft 4.17.5 or 5.9.11 to resolve this issue.
Path traversal in ThingsGateway 12's /api/file/download endpoint allows authenticated users to read arbitrary files through manipulation of the fileName parameter. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.
A path traversal vulnerability exists in SSCMS versions up to 7.4.0 within the PathUtils.RemoveParentPath function of the plugin download API endpoint (/api/admin/plugins/install/actions/download). An authenticated administrator with high privileges can manipulate the path argument to traverse the file system and access or modify files outside the intended directory, potentially leading to information disclosure or system compromise. The vulnerability has public proof-of-concept code available, though the CVSS score of 3.8 is relatively low due to the requirement for authenticated administrative access, making this a lower-priority but still exploitable issue in environments where admin credentials may be compromised.
A path traversal vulnerability in Smart Switch (CVSS 7.1) that allows adjacent attackers. High severity vulnerability requiring prompt remediation.
Galaxy Store versions prior to 4.6.03.8 contain a path traversal vulnerability that enables local attackers to create files with Galaxy Store privileges. This could allow an attacker with local access to escalate their capabilities by writing malicious files in unintended locations. No patch is currently available for this issue.
Galaxy Store versions prior to 4.6.03.8 contain an access control flaw that enables local attackers to create files with elevated Galaxy Store privileges. This vulnerability affects local users on affected devices and could allow privilege escalation or persistence mechanisms. No patch is currently available.
A privilege escalation vulnerability in ZKTeco ZKAccess Professional 3.5.3 (Build 0005) allows authenticated users to modify executable files due to insecure permissions, enabling them to replace binaries with malicious code and gain elevated privileges. Multiple public exploits are available (exploit-db, PacketStorm), making this a high-risk vulnerability for organizations using this access control software, despite no current KEV listing or EPSS data.
AnythingLLM versions 1.11.1 and earlier contain a Zip Slip path traversal vulnerability in the community plugin import functionality that fails to validate file paths during ZIP extraction. An authenticated attacker with high privileges can craft a malicious ZIP file containing path traversal sequences that, when imported via the community hub, extract files outside the intended directory and achieve arbitrary code execution on the server. While the CVSS score is moderate (4.2) due to high privilege requirements and user interaction, the vulnerability enables code execution and should be addressed promptly.
An unauthenticated path traversal vulnerability in PX4 Autopilot's MAVLink FTP implementation (CWE-22) allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on flight controller filesystems without authentication or privilege requirements. Affected versions are prior to 1.17.0-rc2, impacting both NuttX-based flight controllers and POSIX targets (Linux companion computers and SITL simulation environments). Attackers with network access to MAVLink communication channels can exploit this vulnerability to compromise flight controller integrity, extract sensitive configuration data, or inject malicious firmware.
IceWarp collaboration platform contains an unauthenticated directory traversal vulnerability that allows remote attackers to read sensitive files from the server. The flaw exists in HTTP request handling, enabling access to configuration files, user data, and potentially email contents stored on the server.
A critical authentication bypass vulnerability in Unraid's auth-request.php file allows remote attackers to gain unauthorized access without credentials through path traversal exploitation. The vulnerability affects all versions of Unraid (the CPE indicates no version restrictions) and can be exploited over the network with low complexity, potentially compromising system confidentiality, integrity, and availability. No KEV listing or EPSS data was provided, suggesting this may be a recently disclosed vulnerability without known active exploitation.