Path Traversal

web HIGH

Path traversal exploits occur when applications use user-controlled input to construct file system paths without proper validation.

How It Works

An attacker injects special sequences like ../ (dot-dot-slash) into such a path to escape the intended directory and navigate to arbitrary locations in the file system. Each ../ sequence moves up one directory level, so a chain of them breaks out of a restricted folder and reaches sensitive files elsewhere on the server.

Attackers employ various encoding techniques to bypass basic filters. Simple URL encoding transforms ../ into %2e%2e%2f, while double encoding becomes %252e%252e%252f (encoding the percent sign itself), which defeats filters that run before the final decoding step. Other evasion methods include nested sequences like ....// (which become ../ after a single filter pass removes the inner ../), null byte injection (%00, which truncates the path in C-level file APIs so the string that was validated differs from the path that is opened), and OS-specific path separators (backslashes on Windows). Absolute paths like /etc/passwd may also work if the application doesn't enforce relative path constraints.

The typical attack flow begins with identifying input parameters that reference files, such as file=, path=, template=, or page=. The attacker then tests various traversal payloads to determine whether path validation exists and what depth is needed to reach system files. Success means reading configuration files, credentials, or source code, or even writing malicious files if the application allows file uploads or modifications.

Impact

  • Credential exposure: Access to configuration files containing database passwords, API keys, and authentication tokens
  • Source code disclosure: Reading application code reveals business logic, additional vulnerabilities, and hardcoded secrets
  • System file access: Retrieving /etc/passwd, /etc/shadow, or Windows SAM files for credential cracking
  • Configuration tampering: If write access exists, attackers modify settings or inject malicious code
  • Remote code execution: Writing web shells or executable files to web-accessible directories enables full system compromise

Real-World Examples

ZendTo file sharing application (CVE-2025-34508) contained a path traversal vulnerability allowing unauthenticated attackers to read arbitrary files from the server. The flaw existed in file retrieval functionality where user input directly influenced file path construction without adequate validation, exposing sensitive configuration data and potentially system files.

Web application frameworks frequently suffer from path traversal in template rendering engines. When applications allow users to specify template names or include files, insufficient validation permits attackers to read source code from other application modules or framework configuration files, revealing database credentials and session secrets.

File download features in content management systems represent another common vector. Applications that serve user-requested files from disk often fail to restrict paths properly, enabling attackers to download backup files, logs containing sensitive data, or administrative scripts that weren't intended for public access.

Mitigation

  • Avoid user input in file paths: Use indirect references like database IDs mapped to filenames on the server side
  • Canonicalize and validate: Convert paths to absolute canonical form, then verify they remain within the allowed base directory
  • Allowlist permitted files: Maintain an explicit list of accessible files rather than trying to blocklist malicious patterns
  • Chroot jails or sandboxing: Restrict application file system access to specific directories at the OS level
  • Strip dangerous sequences: Remove ../, ..\\, and encoded variants, though this alone is insufficient, since nested sequences such as ....// survive a single removal pass
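The canonicalize-and-validate rule above, exercised against the evasion payloads listed under How It Works, as an added example that is not code from the original page. The base directory /srv/app/public and the payloads are constructed for illustration and need not exist on disk; the naive blocklist function is included only to show, side by side, why stripping ../ is not enough.

```python
"""Canonicalise-and-validate path handling for user-supplied file names.

Added example: the base directory and payloads are constructed and do not need
to exist on disk. All checks run on the fully decoded string, so that what is
validated is what the filesystem will actually see."""
import os
from urllib.parse import unquote

# Constructed base directory for the example; it does not have to exist.
BASE_DIR = "/srv/app/public"


class PathTraversalError(ValueError):
    """Raised when a requested path would leave the allowed base directory."""


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Undo percent-encoding until the string stops changing, so double
    encoding (%252e -> %2e -> .) cannot slip past the later checks. More than
    max_rounds layers is treated as hostile and rejected (fail closed)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise PathTraversalError("too many layers of percent-encoding")


def vulnerable_resolve(base_dir: str, user_path: str) -> str:
    """The blocklist approach the text warns about: strip '../' once and join.
    Kept only to show why it fails (see the '....//' payload); do not use."""
    cleaned = user_path.replace("../", "")
    return os.path.normpath(os.path.join(base_dir, cleaned))


def safe_resolve(base_dir: str, user_path: str) -> str:
    """Decode, canonicalise, then verify containment.
    Returns the absolute canonical path or raises PathTraversalError."""
    decoded = decode_fully(user_path)
    if "\x00" in decoded:
        # A NUL byte would truncate the path inside C-level file APIs.
        raise PathTraversalError("NUL byte in path")
    # Treat backslashes as separators so Windows-style payloads are checked too.
    decoded = decoded.replace("\\", "/")
    base = os.path.realpath(base_dir)
    # If `decoded` is absolute, os.path.join discards `base`; the containment
    # check below catches that case instead of relying on join semantics.
    candidate = os.path.realpath(os.path.join(base, decoded))
    # The base directory itself is not a servable file, so it is rejected too.
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"path escapes base directory: {user_path!r}")
    return candidate


def check(user_path: str, base_dir: str = BASE_DIR):
    """Return ('ok', <path relative to base>) or ('blocked', <reason>)."""
    try:
        resolved = safe_resolve(base_dir, user_path)
    except PathTraversalError as exc:
        return ("blocked", str(exc))
    return ("ok", os.path.relpath(resolved, os.path.realpath(base_dir)))


# Constructed payloads mirroring the evasion techniques described in the text.
PAYLOADS = [
    "reports/q1.txt",                 # legitimate request
    "../../etc/passwd",               # plain dot-dot-slash
    "%2e%2e%2f%2e%2e%2fetc/passwd",   # URL-encoded
    "%252e%252e%252fetc/passwd",      # double-encoded
    "....//....//etc/passwd",         # survives a single '../' strip
    "reports/q1.txt%00.png",          # NUL-byte truncation attempt
    "..\\..\\windows\\win.ini",       # backslash separators
    "/etc/passwd",                    # absolute path
]


def run_demo():
    """Map each payload to the hardened check's outcome and to the path the
    naive blocklist would have handed to the filesystem."""
    return {p: {"safe": check(p), "naive": vulnerable_resolve(BASE_DIR, p)}
            for p in PAYLOADS}


if __name__ == "__main__":
    for payload, outcome in run_demo().items():
        print(f"{payload!r:36} safe={outcome['safe']}  naive={outcome['naive']}")
```

Two outcomes are worth noticing. The ....// payload is reported as "ok" by the hardened check: after canonicalisation it is simply a non-existent name inside the base directory, which is harmless, whereas the naive strip turns it into ../../etc/passwd and resolves to /srv/etc/passwd. And the containment test is a comparison of canonical paths, not a search for ../ in the input, which is why the absolute-path and backslash cases need no special-case rules of their own.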

Recent CVEs (1798)

CVE-2026-3838
EPSS 2% CVSS 8.8
HIGH This Week

Critical path traversal vulnerability in Unraid's update.php file that allows authenticated remote attackers to execute arbitrary code as root. The vulnerability affects all versions of Unraid (per CPE data) and was discovered by Zero Day Initiative (ZDI-CAN-28951). With a CVSS score of 8.8 and requiring only low privileges, this represents a severe risk for Unraid installations.

PHP Path Traversal RCE +1
NVD VulDB
CVE-2026-30853
EPSS 0% CVSS 5.0
MEDIUM This Month

Arbitrary file write vulnerability in Calibre's RocketBook input plugin enables attackers to write files to any location accessible by the Calibre process when a user opens or converts a malicious .rb file. The path traversal flaw affects versions prior to 9.5.0 and represents an unpatched instance of the same vulnerability class previously fixed in the PDB reader component. Local attackers can leverage this to corrupt files, modify configuration, or potentially achieve code execution depending on file system permissions.

Path Traversal Calibre
NVD GitHub VulDB
CVE-2026-30914
EPSS 0% CVSS 8.1
HIGH PATCH This Week

SFTPGo versions prior to 2.7.1 contain a path normalization vulnerability (CWE-22: Improper Limitation of a Pathname to a Restricted Directory) that allows authenticated attackers to bypass folder-level permissions and escape Virtual Folder boundaries through crafted file paths. An attacker with valid credentials can exploit this authorization bypass to access files and directories beyond their intended scope. The vulnerability has been patched in version 2.7.1 with strict edge-level path normalization, and while no public POC or KEV status has been disclosed, the CVSS 5.3 (network-accessible, low complexity) and requirement for prior authentication suggest this is a real but moderate-priority issue.

Canonical Path Traversal
NVD GitHub VulDB
CVE-2026-4092
EPSS 1% CVSS 8.7
HIGH POC PATCH This Week

Remote code execution in Clasp versions below 3.2.0 allows unauthenticated attackers to execute arbitrary code by uploading Google Apps Script projects with specially crafted filenames that exploit path traversal weaknesses. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires minimal user interaction and affects Google's Clasp tooling across all configurations.

Path Traversal RCE Google +1
NVD GitHub VulDB
CVE-2026-31886
EPSS 0% CVSS 9.1
CRITICAL Act Now

Path traversal via dagRunId in DAG execution endpoints.

Python Authentication Bypass Denial Of Service +2
NVD GitHub VulDB
CVE-2025-66249
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Apache Livy versions 0.3.0 through 0.8.x contain a path traversal vulnerability (CWE-22) that allows authenticated attackers to bypass directory restrictions and access files outside intended whitelist boundaries. The vulnerability only manifests when the 'livy.file.local-dir-whitelist' configuration parameter is set to a non-default value, enabling attackers with valid credentials to read, write, or execute arbitrary files on the server. With a CVSS score of 6.3 (moderate severity) reflecting the requirement for authenticated access and limited impact scope, this vulnerability warrants prioritization for organizations using Livy in multi-tenant or untrusted user environments.

Path Traversal Apache Apache Livy
NVD VulDB
CVE-2026-32415
EPSS 0% CVSS 5.0
MEDIUM This Month

Squeeze versions 1.7.7 and earlier contain a path traversal vulnerability that allows authenticated attackers to access files outside the intended directory through manipulated file paths. An attacker with valid credentials could leverage this flaw to read sensitive files on the affected system, though code execution and data modification are not possible.

Path Traversal Squeeze
NVD VulDB
CVE-2026-23942
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The Erlang OTP ssh_sftpd module contains a path traversal vulnerability in the is_within_root/2 function that uses string prefix matching instead of proper path component validation to verify if accessed paths are within the configured root directory. An authenticated SFTP user can exploit this to access sibling directories sharing a common name prefix with the root directory (for example, if root is /home/user1, accessing /home/user10 or /home/user1_backup would succeed when it should fail). This vulnerability affects OTP versions 17.0 through 28.4.1 with corresponding SSH versions 3.0.1 through 5.5.1, with no confirmed active exploitation in the wild (KEV status not indicated as actively exploited) but with a moderate CVSS score of 5.3 reflecting the requirement for prior authentication.

Path Traversal Suse
NVD VulDB GitHub
CVE-2026-32274
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Black writes a cache file, the name of which is computed from various formatting options. The value of the `--python-cell-magics` option was placed in the filename without sanitization, which allowed an attacker who controls the value of this argument to write cache files to arbitrary file system locations. Fixed in Black 26.3.1. Do not allow untrusted user input into the value of the `--python-cell-magics` option.

Path Traversal Python Black
NVD GitHub VulDB
CVE-2026-32232
EPSS 0%
PATCH Monitor

Workspace boundary enforcement currently has three related bypass risks. This issue tracks fixing all three in one pull request.

R1, dangling symlink component bypass:
- What happens: Path validation can miss dangling symlink components during traversal checks.
- Why it matters: A symlink that is unresolved at validation time can later resolve to an external location.
- Impact: Read and write operations may escape workspace boundaries.
- Affected area: src/security/path.rs (check_symlink_escape).

R2, validate/use TOCTOU race:
- What happens: The path is validated first, then used later for filesystem operations.
- Why it matters: A concurrent filesystem change can swap path components after validation but before open/write.
- Impact: Race-based workspace escape is possible.
- Affected area: Filesystem and file-consuming tools that call validate_path_in_workspace before I/O.

R3, hardlink alias bypass:
- What happens: A file inside workspace can be a hardlink to an inode outside the intended workspace trust boundary.
- Why it matters: Prefix and symlink checks can pass while data access still mutates or reads external content.
- Impact: Policy bypass for read/write operations.
- Affected area: Any tool that reads or writes via validated paths.

| ID | Risk | Severity | Likelihood | Impact |
|---|---|---|---|---|
| R1 | Dangling symlink component bypass | High | Medium | Workspace boundary escape for read/write |
| R2 | Validate/use TOCTOU race | High | Medium | Race-based boundary escape during file I/O |
| R3 | Hardlink alias bypass | Medium | Low-Medium | External inode read/write through in-workspace path |

Steps for R1:
1. Create a symlink inside workspace pointing to a missing target.
2. Validate a path traversing that symlink.
3. Create the target directory outside workspace after validation.
4. Perform file operation and observe potential boundary escape if not fail-closed.

Steps for R2:
1. Validate a candidate in-workspace path.
2. Before open/write, replace an intermediate component with a link to external location.
3. Continue with the file operation.
4. Observe boundary escape if operation trusts only stale validation result.

Steps for R3:
1. Place a hardlink inside workspace that points to an external inode.
2. Validate the in-workspace hardlink path.
3. Read or write through this path.
4. Observe external inode access through a path that appears in-scope.

Unauthorized cross path boundary. [@zpbrent](https://github.com/zpbrent) [f50c17e11ae3e2d40c96730abac41974ef2ee2a8](https://github.com/qhkm/zeptoclaw/commit/f50c17e11ae3e2d40c96730abac41974ef2ee2a8)

Path Traversal Race Condition
NVD GitHub
CVE-2026-32140
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in Dataease prior to version 2.10.20 allows authenticated attackers to execute arbitrary code by manipulating the IniFile parameter to load malicious JDBC configuration files through the Redshift driver. An attacker with valid credentials can exploit the aggressive configuration file discovery mechanism to inject dangerous JDBC properties and gain complete system compromise. No patch is currently available, leaving affected deployments vulnerable to this high-severity attack vector.

RCE Path Traversal Dataease
NVD GitHub VulDB
CVE-2026-32116
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Magic Wormhole versions 0.21.0 through 0.22.x allow malicious senders to overwrite arbitrary files on a receiver's system during file transfer operations, potentially compromising SSH keys and shell configuration files. This path traversal vulnerability (CWE-22) requires the attacker to control the sending side of the transfer and affects any user receiving files from an untrusted source. No patch is currently available for this HIGH severity vulnerability.

Path Traversal Magic Wormhole
NVD GitHub VulDB
CVE-2026-28793
EPSS 0% CVSS 8.4
HIGH POC PATCH This Week

High severity vulnerability in TinaCMS. The TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory.

Path Traversal
NVD GitHub VulDB
CVE-2026-28792
EPSS 0% CVSS 9.6
CRITICAL POC PATCH Act Now

TinaCMS CLI dev server combines a permissive CORS policy (Access-Control-Allow-Origin: *) with path traversal to enable drive-by attacks. A remote attacker can enumerate, write, and delete files on a developer's machine simply by having them visit a malicious webpage. PoC available.

Path Traversal
NVD GitHub VulDB
CVE-2026-28791
EPSS 0% CVSS 7.4
HIGH PATCH This Week

High severity vulnerability in TinaCMS.

Path Traversal
NVD GitHub VulDB
CVE-2026-24125
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Medium severity vulnerability in TinaCMS.

Path Traversal
NVD GitHub VulDB
CVE-2026-4044
EPSS 0% CVSS 3.8
LOW Monitor

A vulnerability was detected in projectsend up to r1945. This affects the function realpath of the file /import-orphans.php of the component Delete Handler. [CVSS 3.8 LOW]

PHP Path Traversal
NVD VulDB
CVE-2026-3954
EPSS 0% CVSS 6.5
MEDIUM This Month

OpenBMB XAgent 1.0.0 contains a path traversal vulnerability in the workspace router that allows unauthenticated remote attackers to manipulate the file_name parameter and access or modify arbitrary files on the system. Public exploit code is available for this vulnerability, which affects the integrity and availability of the application. The vendor has not yet released a patch despite early notification of the issue.

Path Traversal AI / ML
NVD GitHub VulDB
CVE-2019-25480
EPSS 0% CVSS 7.5
HIGH POC This Week

ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. [CVSS 7.5 HIGH]

PHP RCE Path Traversal
NVD Exploit-DB VulDB
CVE-2019-25465
EPSS 0% CVSS 7.5
HIGH POC This Week

Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory. [CVSS 7.5 HIGH]

Dns Path Traversal
NVD Exploit-DB VulDB
CVE-2026-20162
EPSS 0% CVSS 6.3
MEDIUM This Month

Stored XSS via path traversal in Splunk Enterprise and Cloud Platform allows low-privileged users to inject malicious JavaScript into Views, compromising any user who visits the affected page. An attacker must socially engineer a victim into initiating the malicious request, but no special privileges or user interaction beyond initial page load is required. Affected versions include Splunk Enterprise below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, with no patch currently available.

XSS Path Traversal
NVD VulDB
CVE-2026-30234
EPSS 0% CVSS 6.5
MEDIUM This Month

OpenProject versions prior to 17.2.0 allow authenticated users with BCF import permissions to read arbitrary files from the server through path traversal in crafted .bcf archive uploads. An attacker can manipulate the Snapshot field in markup.bcf to reference absolute or traversal paths (such as /etc/passwd), enabling unauthorized file disclosure within the application's read permissions. This vulnerability requires valid project member credentials and no patch is currently available.

Path Traversal Openproject
NVD GitHub VulDB
CVE-2026-27897
EPSS 0% CVSS 10.0
CRITICAL Act Now

Path traversal in Vociferous speech-to-text tool before 4.4.2. CVSS 10.0.

Path Traversal
NVD GitHub VulDB
CVE-2026-3013
EPSS 0%
Monitor

Coppermine Photo Gallery in versions 1.6.09 through 1.6.27 is vulnerable to path traversal.

Path Traversal
NVD GitHub VulDB
CVE-2026-32061
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

OpenClaw versions before 2026.2.17 allow privileged users with config modification access to read arbitrary files on the system through path traversal in the $include directive. An attacker in this position can exploit absolute paths, directory traversal sequences, or symlinks to access sensitive data like API keys and credentials that the OpenClaw process can read. No patch is currently available for this medium-severity vulnerability.

Path Traversal Openclaw
NVD GitHub VulDB
CVE-2026-32060
EPSS 0% CVSS 8.8
HIGH PATCH This Week

OpenClaw versions before 2026.2.14 allow authenticated attackers to bypass filesystem restrictions in the apply_patch function through path traversal, enabling arbitrary file write and deletion operations outside the intended workspace. The vulnerability requires an authenticated user but no additional user interaction, and affects systems with apply_patch enabled without sandbox containment. No patch is currently available.

Path Traversal Openclaw
NVD GitHub VulDB
CVE-2026-21360
EPSS 0% CVSS 6.8
MEDIUM This Month

Adobe Commerce and Magento versions 2.4.9-alpha3 through 2.4.4-p16 contain a path traversal vulnerability that allows high-privileged attackers to bypass security controls and access files outside intended directories. The vulnerability requires administrative credentials but no user interaction for exploitation, potentially exposing sensitive data. No patch is currently available for affected versions.

Adobe Path Traversal Commerce B2b +2
NVD
CVE-2026-31817
EPSS 0% CVSS 8.5
HIGH POC PATCH This Week

Arbitrary file write in OliveTin prior to 3000.11.2 allows authenticated attackers to write files to arbitrary filesystem locations via path traversal in the UniqueTrackingId parameter when the saveLogs feature is enabled. The vulnerability enables denial of service and potential system compromise through log file manipulation. Public exploit code exists and no patch is currently available.

Path Traversal Olivetin
NVD GitHub VulDB
CVE-2026-28807
EPSS 0% CVSS 8.7
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.serve_static function is vulnerable to path traversal because sanitization runs before percent-decoding.

Path Traversal
NVD GitHub VulDB
CVE-2026-30952
EPSS 0% CVSS 7.5
HIGH PATCH This Week

liquidjs is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Versions up to 10.25.0 are affected by path traversal.

Path Traversal Liquidjs
NVD GitHub VulDB
CVE-2026-27825
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

MCP Atlassian server has a path traversal vulnerability enabling unauthorized access to Confluence and Jira data outside the intended scope.

Atlassian Path Traversal RCE
NVD GitHub VulDB
CVE-2026-30973
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Appium's ZIP extraction function in @appium/support versions prior to 7.0.6 fails to properly enforce path traversal protections, allowing attackers to extract malicious ZIP files that write arbitrary files outside the intended directory. The vulnerability stems from an Error object that is created but never thrown, enabling Zip Slip attacks across all JavaScript-based extraction operations. An attacker can exploit this by crafting a malicious ZIP archive to overwrite sensitive files on systems using affected versions.

Path Traversal
NVD GitHub VulDB
CVE-2026-30958
EPSS 0% CVSS 7.2
HIGH POC This Week

Unauthenticated path traversal in OneUptime versions before 10.0.21 allows remote attackers to read arbitrary files from the server via the /workflow/docs/:componentName endpoint, which fails to sanitize user input before passing it to file operations. Public exploit code exists for this vulnerability, affecting all users of vulnerable versions without authentication requirements. Upgrade to version 10.0.21 or later to remediate.

Path Traversal Oneuptime
NVD GitHub VulDB
CVE-2026-30942
EPSS 0% CVSS 6.5
MEDIUM This Month

Flare versions before 1.7.3 contain a path traversal vulnerability in the avatar endpoint that allows authenticated users to read arbitrary files from the application container by exploiting unsanitized filename parameters. Any user with login access, including self-registered accounts on instances with open registration enabled (default configuration), can enumerate and retrieve sensitive files accessible to the Node.js process. The vulnerability requires authentication but poses a significant confidentiality risk on publicly accessible Flare instances without registration restrictions.

Path Traversal Flare
NVD GitHub VulDB
CVE-2026-2741
EPSS 0%
PATCH Monitor

Vaadin versions 14.2.0 through 14.14.0 are affected by path traversal: specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction.

Node.js Dns Path Traversal
NVD GitHub VulDB
CVE-2026-23907
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Apache PDFBox versions 2.0.24-2.0.35 and 3.0.0-3.0.6 contain a path traversal vulnerability in the ExtractEmbeddedFiles example that allows attackers to write files outside the intended extraction directory by manipulating embedded file names. Organizations that have integrated this example code into production systems are at risk of unauthorized file writes on the host system. No patch is currently available, requiring developers to manually implement path validation to ensure extracted files remain within the designated directory.

Apache Path Traversal Pdfbox +2
NVD GitHub VulDB
CVE-2025-54659
EPSS 0% CVSS 5.8
MEDIUM This Month

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiSOAR Agent Communication Bridge 1.1.0 and FortiSOAR Agent Communication Bridge 1.0 (all versions) may allow an unauthenticated attacker to read files accessible to the fortisoar user on a system where the agent is deployed, via sending a crafted request to the agent port. [CVSS 5.8 MEDIUM]

Fortinet Path Traversal
NVD VulDB
CVE-2026-3585
EPSS 0% CVSS 7.5
HIGH This Week

The Events Calendar (WordPress plugin) versions up to 6.15.17 are affected by path traversal (CVSS 7.5).

WordPress Path Traversal
NVD
CVE-2026-30869
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

SiYuan prior to 3.5.10 has a path traversal vulnerability enabling arbitrary file access through crafted API requests.

RCE Path Traversal Siyuan
NVD GitHub VulDB
CVE-2026-31802
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

node-tar is a full-featured Tar for Node.js.

Node.js Path Traversal Tar
NVD GitHub VulDB
CVE-2026-28689
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Imagemagick versions up to 7.1.2-16 are affected by improper link resolution before file access (CVSS 6.3).

Path Traversal Imagemagick Redhat +1
NVD GitHub
CVE-2026-1776
EPSS 0%
Monitor

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem.

Aws Path Traversal
NVD GitHub
CVE-2026-30240
EPSS 0% CVSS 9.6
CRITICAL Act Now

Path traversal in Budibase low-code platform 3.31.5 and earlier allows attackers to read arbitrary files through the application builder.

Path Traversal Budibase
NVD GitHub VulDB
CVE-2025-70028
EPSS 0% CVSS 7.5
HIGH This Week

An issue pertaining to CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. [CVSS 7.5 HIGH]

Path Traversal
NVD GitHub
CVE-2026-3089
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. Versions up to 26.3.0 are affected by path traversal.

Path Traversal
NVD GitHub
CVE-2025-41758
EPSS 0% CVSS 8.8
HIGH This Week

A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise. [CVSS 8.8 HIGH]

Path Traversal Universal Bacnet Router Firmware
NVD
CVE-2025-41757
EPSS 0% CVSS 8.8
HIGH This Week

A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and does not validate the contents of the backup archive to create or overwrite arbitrary files anywhere on the system. [CVSS 8.8 HIGH]

Path Traversal Universal Bacnet Router Firmware
NVD
CVE-2025-41755
EPSS 0% CVSS 6.5
MEDIUM This Month

A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. [CVSS 6.5 MEDIUM]

Path Traversal Information Disclosure Universal Bacnet Router Firmware
NVD
CVE-2026-3795
EPSS 0% CVSS 6.3
MEDIUM POC This Month

DoraCMS 3.0.x contains a path traversal vulnerability in the createFileBypath function that allows authenticated attackers to read, write, or delete arbitrary files on the server. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor.

Path Traversal Doracms
NVD VulDB
CVE-2026-3719
EPSS 0% CVSS 5.3
MEDIUM This Month

Path traversal in Tsinghua Unigroup Electronic Archives System 3.2.210802 allows unauthenticated remote attackers to read arbitrary files via a crafted path parameter in the /System/Cms/downLoad endpoint. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or response to remediation efforts.

Path Traversal
NVD GitHub VulDB
CVE-2026-3695
EPSS 0% CVSS 6.5
MEDIUM POC This Month

SourceCodester Modern Image Gallery App 1.0 contains a path traversal vulnerability in the /delete.php file that allows unauthenticated remote attackers to manipulate the filename parameter and access or delete arbitrary files. Public exploit code exists for this vulnerability, and no patch is currently available. The vulnerability can lead to information disclosure or file deletion on affected systems.

PHP Path Traversal Modern Image Gallery App
NVD GitHub VulDB
CVE-2026-30848
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. [CVSS 3.7 LOW]

Node.js Path Traversal
NVD GitHub
CVE-2026-29780
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Unsanitized attachment filenames in eml_parser prior to version 2.0.1 enable path traversal attacks, allowing attackers to write files outside the intended output directory when the example extraction script processes malicious emails. Organizations using the vulnerable example code or similar attachment handling logic are at risk of unauthorized file writes that could overwrite critical files or introduce malicious content. Public exploit code exists for this vulnerability, and a patch is available in version 2.0.1 and later.

Python Path Traversal Eml Parser
NVD GitHub
CVE-2026-29190
EPSS 0% CVSS 4.1
MEDIUM This Month

Karapace versions before 6.0.0 contain a path traversal vulnerability in the backup restoration functionality that allows attackers to read arbitrary files from the system by crafting malicious backup files. Organizations using Karapace's backup/restore feature with untrusted backup sources are at risk, with the actual impact limited by the file permissions of the Karapace process. No patch is currently available, requiring users to restrict backup sources or disable the backup functionality until version 6.0.0 is released.

Path Traversal Karapace
NVD GitHub
CVE-2026-29185
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Backstage is an open framework for building developer portals. Prior to version 1.20.1, a vulnerability in the SCM URL parsing used by Backstage integrations allowed path traversal sequences in encoded form to be included in file paths. When these URLs were processed by integration functions that construct API URLs, the traversal segments could redirect requests to unintended SCM provider API e...

Path Traversal
NVD GitHub
CVE-2026-30828
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Path traversal in Wallos subscription tracker versions prior to 4.6.2 allows unauthenticated remote attackers to read arbitrary files from the hosting system via a malicious url parameter. Public exploit code exists for this vulnerability, which has a high severity CVSS score of 7.5. The vulnerability is patched in version 4.6.2 and later.

Path Traversal Wallos
NVD GitHub
CVE-2026-29790
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Path traversal in dbt-common's tarball extraction function allows attackers to write files outside the intended destination directory by exploiting improper path validation in the safe_extract() method. An attacker can craft a malicious tarball to place files in sibling directories, potentially compromising systems using affected versions of dbt-common in dbt-core and adapter implementations. No patch is currently available for this vulnerability.

Path Traversal Dbt Common
NVD GitHub VulDB
CVE-2026-29064
EPSS 0% CVSS 8.2
HIGH POC PATCH This Week

Zarf is an Airgap Native Packager Manager for Kubernetes. [CVSS 8.2 HIGH]

Kubernetes Path Traversal Zarf
NVD GitHub
CVE-2026-2753
EPSS 0% CVSS 7.5
HIGH This Week

Navtor NavBox exposes an unauthenticated path traversal vulnerability in its HTTP service that allows remote attackers to read arbitrary files from the server by submitting requests with absolute filesystem paths. Successful exploitation enables unauthorized disclosure of sensitive configuration files and system information, limited only by the service process privileges. No patch is currently available.

Path Traversal
NVD
CVE-2018-25184
EPSS 0% CVSS 6.2
MEDIUM POC This Month

Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. [CVSS 6.2 MEDIUM]

PHP Lfi Path Traversal
NVD Exploit-DB
CVE-2018-25181
EPSS 1% CVSS 7.5
HIGH POC This Week

Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. [CVSS 7.5 HIGH]

Path Traversal
NVD Exploit-DB
CVE-2018-25164
EPSS 0% CVSS 7.5
HIGH POC This Week

EverSync 0.5 contains an arbitrary file download vulnerability that allows unauthenticated attackers to access sensitive files by requesting them directly from the files directory. [CVSS 7.5 HIGH]

Path Traversal Information Disclosure
NVD Exploit-DB
CVE-2026-2331
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated file read/write via AppEngine Fileaccess over HTTP.

Path Traversal Information Disclosure
NVD
CVE-2026-2330
EPSS 0% CVSS 9.4
CRITICAL Act Now

Filesystem access via CROWN REST interface on industrial device. EPSS 0.25%.

Path Traversal Information Disclosure
NVD
CVE-2026-29059
EPSS 0% CVSS 6.9
MEDIUM This Month

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's get_log_file endpoint "(/api/w/{workspace}/jobs_u/get_log_file/(unknown))".

Path Traversal
NVD GitHub
CVE-2026-29065
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

Zip Slip in changedetection.io before 0.54.4 via backup restore. PoC and patch available.

Path Traversal Changedetection
NVD GitHub
CVE-2026-28800
EPSS 0% CVSS 6.4
MEDIUM This Month

Natro Macro versions prior to 1.1.0 allow any user with message permissions in a Discord channel where Remote Control is enabled to execute arbitrary commands on affected systems, including keyboard and mouse control and unrestricted file access. The vulnerability stems from improper access controls on the remote control feature when configured in non-private channels. No patch is currently available for affected versions.

Path Traversal Natro Macro
NVD GitHub
CVE-2026-28795
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Path traversal in OpenChatBI before fix. PoC and patch available.

Path Traversal AI / ML Openchatbi
NVD GitHub
CVE-2026-28679
EPSS 0% CVSS 8.6
HIGH POC This Week

Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. [CVSS 8.6 HIGH]

Path Traversal Homegallery
NVD GitHub
CVE-2026-28676
EPSS 0% CVSS 8.8
HIGH This Week

OpenShift versions prior to 1.6.3-alpha contain a path traversal vulnerability in multiple storage helpers that fail to properly validate directory boundaries, allowing authenticated attackers to read, write, or delete arbitrary files on the system. An attacker with valid credentials can exploit insufficient path sanitization to escape the intended base directory and access sensitive data or modify system files. No patch is currently available for affected versions.

Path Traversal Opensift
NVD GitHub VulDB
CVE-2026-28507
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Unauthenticated attackers can achieve remote code execution in Idno social publishing platform versions before 1.6.4 by exploiting a chain of import file write and template path traversal vulnerabilities. An attacker with high privileges can leverage command injection to execute arbitrary code on affected systems. A patch is available in version 1.6.4 and should be applied immediately as this vulnerability carries a 7.2 CVSS score.

RCE Path Traversal Command Injection +1
NVD GitHub VulDB
CVE-2026-28429
EPSS 0% CVSS 7.5
HIGH This Week

ParseGamestate.php in Talishar allows unauthenticated remote attackers to read arbitrary files through path traversal in the gameName parameter when the script is accessed directly, bypassing input validation present in primary application entry points. An attacker can exploit this vulnerability to access sensitive files on the affected server without authentication or user interaction. No patch is currently available for this vulnerability.

PHP Path Traversal
NVD GitHub
CVE-2026-28486
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

OpenClaw versions 2026.1.16 through 2026.2.13 allow local attackers to write arbitrary files outside intended directories by supplying malicious archives to the skills, hooks, plugins, or signal installation commands. Successful exploitation enables attackers to achieve code execution or establish persistence on affected systems. A patch is available for affected users.

Path Traversal Openclaw
NVD GitHub
CVE-2026-28482
EPSS 0% CVSS 7.1
HIGH PATCH This Week

OpenClaw versions before 2026.2.12 suffer from a path traversal vulnerability in transcript file handling that allows authenticated local users to read and modify arbitrary files on the system by injecting directory traversal sequences into sessionId or sessionFile parameters. An attacker with local access can exploit this to access sensitive files outside the intended agent sessions directory without additional privileges. No patch is currently available for this vulnerability.

Path Traversal
NVD GitHub
CVE-2026-28462
EPSS 0% CVSS 7.5
HIGH PATCH This Week

OpenClaw versions before 2026.2.13 suffer from a path traversal vulnerability in the browser control API that allows authenticated attackers to write arbitrary files outside designated temporary directories via the trace and download endpoints. An attacker with API access can exploit this to place malicious files in unintended locations on the system. A patch is available to address this high-severity flaw.

Path Traversal Openclaw
NVD GitHub
CVE-2026-28457
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

OpenClaw versions before 2026.2.14 allow local attackers to write arbitrary files outside the sandbox directory through path traversal sequences in crafted skill package names when sandbox skill mirroring is enabled. An attacker can exploit this by providing a malicious skill package with traversal patterns like ../ or absolute paths in the frontmatter name parameter, potentially compromising system integrity. A patch is available to remediate this vulnerability.

Path Traversal Openclaw
NVD GitHub
CVE-2026-28453
EPSS 0% CVSS 7.5
HIGH PATCH This Week

OpenClaw before version 2026.2.14 fails to properly validate file paths when extracting TAR archives, enabling attackers to use path traversal sequences to write files outside the intended extraction directory. An unauthenticated remote attacker can exploit this to overwrite configuration files or inject malicious code into the system. A patch is available for affected versions.

Path Traversal Openclaw
NVD GitHub
CVE-2026-28447
EPSS 0% CVSS 8.1
HIGH PATCH This Week

OpenClaw 2026.1.29-beta.1 through 2026.2.0 is vulnerable to path traversal during plugin installation, enabling attackers to write arbitrary files outside the intended extensions directory by crafting malicious package names with traversal sequences. An unauthenticated attacker can exploit this when users execute the plugin install command, potentially achieving arbitrary file write capabilities on the affected system. A patch is available in version 2026.2.1.

Path Traversal Openclaw
NVD GitHub
CVE-2026-28393
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Arbitrary JavaScript execution in OpenClaw versions prior to 2026.2.14 results from improper path validation in the hook transform module loader, allowing attackers with configuration write access to load malicious modules with gateway process privileges. The vulnerability affects the hooks.mappings[].transform.module parameter, which fails to restrict absolute paths and directory traversal sequences. A patch is available.

Path Traversal Openclaw
NVD GitHub
CVE-2024-43035
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arbitrary files via the /sounds/:file or /tts/:file VoiceServer endpoint. This occurs in serveFiles in mods/voice/src/utils.ts. [CVSS 5.8 MEDIUM]

Path Traversal
NVD GitHub
CVE-2025-70231
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Path traversal in D-Link DIR-513 verification code processing. PoC available.

D-Link Path Traversal Dir 513 Firmware
NVD GitHub
CVE-2025-45691
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs. [CVSS 7.5 HIGH]

Path Traversal AI / ML Ragas +1
NVD GitHub
CVE-2026-28538
EPSS 0% CVSS 5.9
MEDIUM This Month

Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]

Path Traversal Harmonyos
NVD
CVE-2026-2743
EPSS 1% CVSS 9.8
CRITICAL Act Now

Path traversal to RCE in SeppMail web interface via large file transfer. EPSS 0.52%.

RCE Path Traversal Seppmail
NVD
CVE-2026-28078
EPSS 0% CVSS 4.9
MEDIUM This Month

Stylemix uListing versions 2.2.0 and earlier contain a path traversal vulnerability that allows authenticated users with high privileges to access files outside the intended directory structure and read sensitive information. The vulnerability requires valid credentials and does not enable file modification or system disruption, limiting its impact to unauthorized information disclosure.

Path Traversal
NVD
CVE-2026-22460
EPSS 0% CVSS 8.6
HIGH This Week

Path traversal in wpWax FormGent plugin versions up to 1.4.2 enables unauthenticated remote attackers to access files outside intended directories. The vulnerability requires no user interaction and can be exploited over the network to cause denial of service or potentially disclose sensitive information. No patch is currently available for this high-severity issue.

Path Traversal
NVD
CVE-2025-69411
EPSS 0% CVSS 7.5
HIGH This Week

The ionCube tester plus plugin (ioncube-tester-plus) by Robert Seyfriedsberger is affected by path traversal (CVSS 7.5).

Path Traversal
NVD
CVE-2026-28427
EPSS 0%
Monitor

OpenDeck is Linux software for the Elgato Stream Deck; versions up to 2.8.1 are affected by path traversal.

Linux Path Traversal
NVD GitHub
CVE-2026-0847
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Unauthorized file access in NLTK through path traversal flaws in multiple CorpusReader classes (versions up to 3.9.2) allows unauthenticated attackers to read arbitrary files on affected systems, potentially exposing SSH keys, API tokens, and other sensitive data. The vulnerability affects NLP applications and machine learning APIs that process user-controlled file inputs without proper validation. No patch is currently available.

Ssh RCE Path Traversal +3
NVD
CVE-2026-27442
EPSS 0% CVSS 7.5
HIGH This Week

Improper filename validation in SEPPmail Secure Email Gateway's GINA web interface (versions before 15.0.1) enables unauthenticated remote attackers to access arbitrary files on the gateway through specially crafted encrypted email attachments. This path traversal vulnerability affects the confidentiality of sensitive data stored on affected systems. No patch is currently available.

Path Traversal Seppmail
NVD

Quick Facts

Typical Severity
HIGH
Category
web
Total CVEs
1798
