CWE-24
AllowedPath Traversal: '../filedir'
Abstraction: Variant · Status: Incomplete
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.
187 vulnerabilities reference this CWE, most recent first.
CVE-2026-49103 (GCVE-0-2026-49103)
Vulnerability from cvelistv5 – Published: 2026-05-27 14:37 – Updated: 2026-05-27 16:14- CWE-24 - Path Traversal: '../filedir'
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-49103",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T16:13:57.114857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T16:14:12.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Webmin",
"vendor": "Webmin",
"versions": [
{
"lessThan": "2.640",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.640",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T14:37:18.786Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/webmin/webmin/commit/cf432879a14568c4bb44cd2f9e5a9bd0e168edc1"
},
{
"url": "https://github.com/webmin/webmin/compare/2.630...2.640"
}
],
"x_generator": {
"engine": "CVE-Request-form 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-49103",
"datePublished": "2026-05-27T14:37:18.786Z",
"dateReserved": "2026-05-27T14:37:18.174Z",
"dateUpdated": "2026-05-27T16:14:12.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44942 (GCVE-0-2026-44942)
Vulnerability from cvelistv5 – Published: 2026-06-18 09:57 – Updated: 2026-06-18 12:09- CWE-24 - Path traversal: '../filedir'
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1267874 | issue-tracking |
| https://www.suse.com/security/cve/CVE-2026-44942.html | vendor-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44942",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-18T12:05:47.827082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T12:09:37.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"repo parsing"
],
"packageName": "libzypp",
"product": "libzypp",
"repo": "https://github.com/opensuse/libzypp",
"vendor": "SUSE",
"versions": [
{
"lessThan": "17.38.13",
"status": "affected",
"version": "17.0.0",
"versionType": "semver"
},
{
"lessThan": "16.22.19",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Andres"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A path traversal in handling the \"path\" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content."
}
],
"value": "A path traversal in handling the \"path\" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T09:57:12.821Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1267874"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.suse.com/security/cve/CVE-2026-44942.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "libzypp .repo files can have an optional path which can lead to path traversal attacks",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-44942",
"datePublished": "2026-06-18T09:57:12.821Z",
"dateReserved": "2026-05-08T12:29:48.968Z",
"dateUpdated": "2026-06-18T12:09:37.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41082 (GCVE-0-2026-41082)
Vulnerability from cvelistv5 – Published: 2026-04-16 17:32 – Updated: 2026-07-15 01:00- CWE-24 - Path Traversal: '../filedir'
| URL | Tags |
|---|---|
| https://github.com/ocaml/opam/releases/tag/2.5.1 | |
| https://github.com/ocaml/opam/pull/6897 | |
| https://osv.dev/vulnerability/OSEC-2026-03 | |
| https://lists.debian.org/debian-lts-announce/2026… | |
| https://access.redhat.com/security/cve/CVE-2026-41082 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2459003 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| Vendor | Product | Version | |
|---|---|---|---|
| OCaml | opam |
Affected:
0 , < 2.5.1
(semver)
|
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41082",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-16T16:10:19.452755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T16:10:25.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://osv.dev/vulnerability/OSEC-2026-03"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-04-21T09:32:52.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00021.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "ocaml-dune",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-16T17:32:40.068Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in OCaml opam. A malicious package containing a crafted .install field with directory traversal sequences allows an attacker to write files to arbitrary locations, potentially overwriting system files and causing arbitrary code execution."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T01:00:03.411Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-41082"
},
{
"name": "RHBZ#2459003",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459003"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41082.json"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-16T18:00:56.999Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-16T17:32:40.068Z",
"value": "Made public."
}
],
"title": "ocaml-opam: path traversal via the .install field",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this vulnerability, do not install packages from untrusted sources and manually inspect the .install field in the package source to make sure it does not contain malicious paths."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:opam/opam-format",
"product": "opam",
"vendor": "OCaml",
"versions": [
{
"lessThan": "2.5.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T18:52:20.182Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ocaml/opam/releases/tag/2.5.1"
},
{
"url": "https://github.com/ocaml/opam/pull/6897"
},
{
"url": "https://osv.dev/vulnerability/OSEC-2026-03"
}
],
"x_generator": {
"engine": "CVE-Request-form 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-41082",
"datePublished": "2026-04-16T17:32:40.068Z",
"dateReserved": "2026-04-16T17:32:39.584Z",
"dateUpdated": "2026-07-15T01:00:03.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40318 (GCVE-0-2026-40318)
Vulnerability from cvelistv5 – Published: 2026-04-16 22:54 – Updated: 2026-04-18 02:48- CWE-24 - Path Traversal: '../filedir'
| URL | Tags |
|---|---|
| https://github.com/siyuan-note/siyuan/security/ad… | x_refsource_CONFIRM |
| https://github.com/siyuan-note/siyuan/releases/ta… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| siyuan-note | siyuan |
Affected:
< 3.6.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40318",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-18T02:48:39.353003Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-18T02:48:57.193Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "siyuan",
"vendor": "siyuan-note",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttributeView endpoint constructs a filesystem path using the user-controlled id parameter without validation or path boundary enforcement. An attacker can inject path traversal sequences such as ../ into the id value to escape the intended directory and delete arbitrary .json files on the server, including global configuration files and workspace metadata. This issue has been fixed in version 3.6.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24: Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T22:54:47.881Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-vw86-c94w-v3x4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-vw86-c94w-v3x4"
},
{
"name": "https://github.com/siyuan-note/siyuan/releases/tag/v3.6.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/siyuan-note/siyuan/releases/tag/v3.6.4"
}
],
"source": {
"advisory": "GHSA-vw86-c94w-v3x4",
"discovery": "UNKNOWN"
},
"title": "SiYuan: Publish Reader Path Traversal Delete via `removeUnusedAttributeView`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40318",
"datePublished": "2026-04-16T22:54:47.881Z",
"dateReserved": "2026-04-10T21:41:54.505Z",
"dateUpdated": "2026-04-18T02:48:57.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-39813 (GCVE-0-2026-39813)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-06-18 09:01- CWE-24 - Escalation of privilege
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiSandbox |
Affected:
5.0.0 , ≤ 5.0.5
(semver)
Affected: 4.4.0 , ≤ 4.4.8 (semver) cpe:2.3:a:fortinet:fortisandbox:5.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiSandbox Cloud |
Affected:
24.1
Affected: 23.4 Affected: 5.0.4 , ≤ 5.0.5 (semver) cpe:2.3:a:fortinet:fortisandboxcloud:24.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandboxcloud:23.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandboxcloud:5.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandboxcloud:5.0.4:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39813",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T03:58:20.016Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisandbox:5.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSandbox",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "5.0.5",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.8",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisandboxcloud:24.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxcloud:23.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxcloud:5.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxcloud:5.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSandbox Cloud",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "24.1"
},
{
"status": "affected",
"version": "23.4"
},
{
"lessThanOrEqual": "5.0.5",
"status": "affected",
"version": "5.0.4",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A path traversal: \u0027../filedir\u0027 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via specially crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T09:01:15.877Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-112",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-112"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to upcoming FortiSandbox version 5.2.0 or above\nUpgrade to FortiSandbox version 5.0.6 or above\nUpgrade to FortiSandbox version 4.4.9 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-39813",
"datePublished": "2026-04-14T15:38:30.311Z",
"dateReserved": "2026-04-07T15:24:13.846Z",
"dateUpdated": "2026-06-18T09:01:15.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33431 (GCVE-0-2026-33431)
Vulnerability from cvelistv5 – Published: 2026-04-20 20:24 – Updated: 2026-04-21 13:42- CWE-24 - Path Traversal: '../filedir'
| URL | Tags |
|---|---|
| https://github.com/roxy-wi/roxy-wi/security/advis… | x_refsource_CONFIRM |
| https://github.com/roxy-wi/roxy-wi/commit/d4d1000… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33431",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-21T13:42:13.885336Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T13:42:19.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-w3c9-36jf-qrw4"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "roxy-wi",
"vendor": "roxy-wi",
"versions": [
{
"status": "affected",
"version": "\u003c 8.2.6.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the POST /config/\u003cservice\u003e/show API endpoint accepts a configver parameter that is directly appended to a base directory path to construct a local file path, which is subsequently opened and its contents returned to the caller. The existing path traversal guard only inspects the base directory variable (which is never user-controlled) and entirely ignores the user-supplied configver value. An authenticated attacker can supply a configver value containing `../` sequences to escape the intended directory and read arbitrary files accessible to the web application process. Version 8.2.6.4 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24: Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T20:24:15.319Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-w3c9-36jf-qrw4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-w3c9-36jf-qrw4"
},
{
"name": "https://github.com/roxy-wi/roxy-wi/commit/d4d100067dd0ee04317f05d3b51be8fcfdc3f802",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/roxy-wi/roxy-wi/commit/d4d100067dd0ee04317f05d3b51be8fcfdc3f802"
}
],
"source": {
"advisory": "GHSA-w3c9-36jf-qrw4",
"discovery": "UNKNOWN"
},
"title": "Roxy-WI Vulnerable to Authenticated Arbitrary File Read via Path Traversal in Config Version Viewer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33431",
"datePublished": "2026-04-20T20:24:15.319Z",
"dateReserved": "2026-03-19T18:45:22.435Z",
"dateUpdated": "2026-04-21T13:42:19.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28538 (GCVE-0-2026-28538)
Vulnerability from cvelistv5 – Published: 2026-03-05 07:51 – Updated: 2026-03-05 15:41- CWE-24 - Path Traversal: '../filedir'
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28538",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T15:29:02.007615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T15:41:01.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Path traversal vulnerability in the certificate management module.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Path traversal vulnerability in the certificate management module.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T07:51:00.216Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28538",
"datePublished": "2026-03-05T07:51:00.216Z",
"dateReserved": "2026-02-28T03:58:12.087Z",
"dateUpdated": "2026-03-05T15:41:01.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28427 (GCVE-0-2026-28427)
Vulnerability from cvelistv5 – Published: 2026-03-04 19:30 – Updated: 2026-03-04 21:05| URL | Tags |
|---|---|
| https://github.com/nekename/OpenDeck/security/adv… | x_refsource_CONFIRM |
| https://github.com/nekename/OpenDeck/commit/488a5… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28427",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T21:05:01.866211Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T21:05:38.200Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenDeck",
"vendor": "nekename",
"versions": [
{
"status": "affected",
"version": "\u003c 2.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenDeck is Linux software for your Elgato Stream Deck. Prior to 2.8.1, the service listening on port 57118 serves static files for installed plugins but does not properly sanitize path components. By including ../ sequences in the request path, an attacker can traverse outside the intended directory and read any file OpenDeck can access. This vulnerability is fixed in 2.8.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24: Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T19:30:07.137Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nekename/OpenDeck/security/advisories/GHSA-4974-g27q-h5m8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nekename/OpenDeck/security/advisories/GHSA-4974-g27q-h5m8"
},
{
"name": "https://github.com/nekename/OpenDeck/commit/488a52050017e95a72ba448226ac5e19a20dd9ed",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nekename/OpenDeck/commit/488a52050017e95a72ba448226ac5e19a20dd9ed"
}
],
"source": {
"advisory": "GHSA-4974-g27q-h5m8",
"discovery": "UNKNOWN"
},
"title": "OpenDeck affected by path traversal allows arbitrary file read"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28427",
"datePublished": "2026-03-04T19:30:07.137Z",
"dateReserved": "2026-02-27T15:54:05.137Z",
"dateUpdated": "2026-03-04T21:05:38.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22810 (GCVE-0-2026-22810)
Vulnerability from cvelistv5 – Published: 2026-05-18 20:23 – Updated: 2026-05-20 03:55- CWE-24 - Path Traversal: '../filedir'
| URL | Tags |
|---|---|
| https://github.com/laurent22/joplin/security/advi… | x_refsource_CONFIRM |
| https://github.com/laurent22/joplin/pull/13736 | x_refsource_MISC |
| https://github.com/laurent22/joplin/commit/791668… | x_refsource_MISC |
| https://github.com/laurent22/joplin/blob/af5108d7… | x_refsource_MISC |
| https://github.com/laurent22/joplin/releases/tag/v3.5.7 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22810",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-19T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T03:55:23.355Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-gcmj-c9gg-9vh6"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "joplin",
"vendor": "laurent22",
"versions": [
{
"status": "affected",
"version": "\u003c 3.5.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the names of embedded files before writing them to disk. As a result, it\u0027s possible for an attacker to create a malicious .one file that includes file names containing ../../, that are then interpreted as part of the target path when extracting attachments from the .one file. This issue has been patched in version 3.5.7."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24: Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T20:23:57.607Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/laurent22/joplin/security/advisories/GHSA-gcmj-c9gg-9vh6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-gcmj-c9gg-9vh6"
},
{
"name": "https://github.com/laurent22/joplin/pull/13736",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/pull/13736"
},
{
"name": "https://github.com/laurent22/joplin/commit/791668455e1aae50501ff57ea4783b3fba9d377c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/commit/791668455e1aae50501ff57ea4783b3fba9d377c"
},
{
"name": "https://github.com/laurent22/joplin/blob/af5108d70233b1db9410346958c1587cf7c1b16d/packages/onenote-converter/renderer/src/page/embedded_file.rs#L13-L16",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/blob/af5108d70233b1db9410346958c1587cf7c1b16d/packages/onenote-converter/renderer/src/page/embedded_file.rs#L13-L16"
},
{
"name": "https://github.com/laurent22/joplin/releases/tag/v3.5.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/releases/tag/v3.5.7"
}
],
"source": {
"advisory": "GHSA-gcmj-c9gg-9vh6",
"discovery": "UNKNOWN"
},
"title": "Joplin: Path traversal in OneNote importer allows overwriting arbitrary files"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22810",
"datePublished": "2026-05-18T20:23:57.607Z",
"dateReserved": "2026-01-09T22:50:10.288Z",
"dateUpdated": "2026-05-20T03:55:23.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21857 (GCVE-0-2026-21857)
Vulnerability from cvelistv5 – Published: 2026-01-07 22:32 – Updated: 2026-01-08 18:17| URL | Tags |
|---|---|
| https://github.com/redaxo/redaxo/security/advisor… | x_refsource_CONFIRM |
| https://github.com/redaxo/redaxo/releases/tag/5.20.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21857",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-08T15:09:21.125268Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T18:17:35.890Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/redaxo/redaxo/security/advisories/GHSA-824x-88xg-cwrv"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "redaxo",
"vendor": "redaxo",
"versions": [
{
"status": "affected",
"version": "\u003c 5.20.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon\u0027s file export functionality. The Backup addon does not validate the `EXPDIR` POST parameter against the UI-generated allowlist of permitted directories. An attacker can supply relative paths containing `../` sequences (or even absolute paths inside the document root) to include any readable file in the generated `.tar.gz` archive. Version 5.20.2 fixes this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24: Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T22:32:35.974Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/redaxo/redaxo/security/advisories/GHSA-824x-88xg-cwrv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redaxo/redaxo/security/advisories/GHSA-824x-88xg-cwrv"
},
{
"name": "https://github.com/redaxo/redaxo/releases/tag/5.20.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redaxo/redaxo/releases/tag/5.20.2"
}
],
"source": {
"advisory": "GHSA-824x-88xg-cwrv",
"discovery": "UNKNOWN"
},
"title": "Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21857",
"datePublished": "2026-01-07T22:32:15.859Z",
"dateReserved": "2026-01-05T16:44:16.367Z",
"dateUpdated": "2026-01-08T18:17:35.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation MIT-5.1
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
- Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation MIT-20
Strategy: Input Validation
Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
No CAPEC attack patterns related to this CWE.