CWE-610
DiscouragedExternally Controlled Reference to a Resource in Another Sphere
Abstraction: Class · Status: Draft
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
278 vulnerabilities reference this CWE, most recent first.
GHSA-4J3Q-G7JX-6RW4
Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-12 18:30External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
{
"affected": [],
"aliases": [
"CVE-2026-41107"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-73"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-12T18:17:22Z",
"severity": "HIGH"
},
"details": "External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.",
"id": "GHSA-4j3q-g7jx-6rw4",
"modified": "2026-05-12T18:30:46Z",
"published": "2026-05-12T18:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41107"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41107"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4M57-4HQX-RGQV
Vulnerability from github – Published: 2025-07-25 18:30 – Updated: 2025-07-25 18:30Sitecore Experience Platform (XP) prior to 8.0 Initial Release (rev. 141212) and Content Management System (CMS) prior to 7.2 Update-3 (rev. 141226) and prior to 7.5 Update-1 (rev. 150130) contain a vulnerability that may allow an attacker to download files under the web root of the site when the name of the file is already known via a specially-crafted URL. Affected files do not include .config, .aspx or .cs files. The issue does not allow for directory browsing.
{
"affected": [],
"aliases": [
"CVE-2015-10142"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-25T16:15:26Z",
"severity": "MODERATE"
},
"details": "Sitecore Experience Platform (XP) prior to 8.0 Initial Release (rev. 141212) and Content Management System (CMS) prior to 7.2 Update-3 (rev. 141226) and prior to\u00a07.5 Update-1 (rev. 150130) contain a vulnerability that may allow an attacker to download files under the web root of the site when the name of the file is already known via a specially-crafted URL.\u00a0Affected files do not include .config, .aspx or .cs files. The issue does not allow for directory browsing.",
"id": "GHSA-4m57-4hqx-rgqv",
"modified": "2025-07-25T18:30:38Z",
"published": "2025-07-25T18:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-10142"
},
{
"type": "WEB",
"url": "https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB0816762"
},
{
"type": "WEB",
"url": "https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1002377"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/sitecore-xp-cms-file-read-via-known-path"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4R67-5W29-W28M
Vulnerability from github – Published: 2024-08-13 18:31 – Updated: 2024-08-13 18:31A vulnerability exists in the Rockwell Automation Emulate3D™, which could be leveraged to execute a DLL Hijacking attack. The application loads shared libraries, which are readable and writable by any user. If exploited, a malicious user could leverage a malicious dll and perform a remote code execution attack.
{
"affected": [],
"aliases": [
"CVE-2024-6079"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-13T18:15:32Z",
"severity": "MODERATE"
},
"details": "A vulnerability exists in the Rockwell Automation Emulate3D\u2122,\u00a0which could be leveraged to execute a DLL Hijacking attack. The application loads shared libraries, which are readable and writable by any user. If exploited, a malicious user could leverage a malicious dll and perform a remote code execution attack.",
"id": "GHSA-4r67-5w29-w28m",
"modified": "2024-08-13T18:31:17Z",
"published": "2024-08-13T18:31:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6079"
},
{
"type": "WEB",
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201683.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4R9Q-WQCJ-X85J
Vulnerability from github – Published: 2022-06-02 00:00 – Updated: 2025-10-22 00:32Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-30190"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-01T20:15:00Z",
"severity": "HIGH"
},
"details": "Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.",
"id": "GHSA-4r9q-wqcj-x85j",
"modified": "2025-10-22T00:32:33Z",
"published": "2022-06-02T00:00:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30190"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30190"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-30190"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/167438/Microsoft-Office-Word-MSDTJS-Code-Execution.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4WCH-CG8H-VQC6
Vulnerability from github – Published: 2022-05-24 17:02 – Updated: 2025-10-22 00:31This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.
{
"affected": [],
"aliases": [
"CVE-2019-7194"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-05T17:15:00Z",
"severity": "HIGH"
},
"details": "This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.",
"id": "GHSA-4wch-cg8h-vqc6",
"modified": "2025-10-22T00:31:49Z",
"published": "2022-05-24T17:02:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7194"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7194"
},
{
"type": "WEB",
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-25"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4WJQ-4WFF-QW9C
Vulnerability from github – Published: 2023-02-16 21:30 – Updated: 2023-02-25 00:30A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.
{
"affected": [],
"aliases": [
"CVE-2022-39952"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-16T19:15:00Z",
"severity": "CRITICAL"
},
"details": "A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.",
"id": "GHSA-4wjq-4wff-qw9c",
"modified": "2023-02-25T00:30:45Z",
"published": "2023-02-16T21:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39952"
},
{
"type": "WEB",
"url": "https://fortiguard.com/psirt/FG-IR-22-300"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5227-22F5-M93M
Vulnerability from github – Published: 2025-01-11 03:30 – Updated: 2025-01-11 03:30HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can deploy a web server that returns malicious content, and then induce the application to retrieve and process that content.
{
"affected": [],
"aliases": [
"CVE-2024-42168"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-11T03:15:21Z",
"severity": "HIGH"
},
"details": "HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can deploy a web server that returns malicious content, and then induce the application to retrieve and process that content.",
"id": "GHSA-5227-22f5-m93m",
"modified": "2025-01-11T03:30:40Z",
"published": "2025-01-11T03:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42168"
},
{
"type": "WEB",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0118149"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-524P-6J7X-RWRC
Vulnerability from github – Published: 2022-09-07 00:01 – Updated: 2022-09-13 00:00The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the ~/public/video.php file in versions up to, and including 2.6.0. This makes it possible for unauthenticated users to download sensitive files hosted on the affected server and forge requests to the server.
{
"affected": [],
"aliases": [
"CVE-2022-2633"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-06T18:15:00Z",
"severity": "HIGH"
},
"details": "The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the \u0027dl\u0027 parameter found in the ~/public/video.php file in versions up to, and including 2.6.0. This makes it possible for unauthenticated users to download sensitive files hosted on the affected server and forge requests to the server.",
"id": "GHSA-524p-6j7x-rwrc",
"modified": "2022-09-13T00:00:41Z",
"published": "2022-09-07T00:01:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2633"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/trunk/public/video.php#L227"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/2768384/all-in-one-video-gallery/trunk/public/video.php"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2744708%40all-in-one-video-gallery\u0026new=2744708%40all-in-one-video-gallery\u0026sfp_email=\u0026sfph_mail="
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/83b0534e-1b8d-46a8-9698-e7ca73e5ab57?source=cve"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2633"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-52JJ-6W68-3M25
Vulnerability from github – Published: 2024-08-27 12:30 – Updated: 2025-05-17 00:30In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3.
Required Configuration: Only environments with Linux as the underlying operating system is affected by this issue
{
"affected": [],
"aliases": [
"CVE-2024-8207"
],
"database_specific": {
"cwe_ids": [
"CWE-114",
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-27T12:15:04Z",
"severity": "MODERATE"
},
"details": "In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3.\n\nRequired Configuration: Only environments with Linux as the underlying operating system is affected by this issue",
"id": "GHSA-52jj-6w68-3m25",
"modified": "2025-05-17T00:30:25Z",
"published": "2024-08-27T12:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8207"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/SERVER-69507"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20250516-0009"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-55CF-XX38-4P9P
Vulnerability from github – Published: 2026-05-04 20:22 – Updated: 2026-05-19 15:56Summary
Workspace dotenv files cannot override connector endpoint hosts.
Affected Packages / Versions
- Package: openclaw (npm)
- Affected versions: <= 2026.4.21
- Fixed version: 2026.4.22
Impact
A workspace .env file could set connector endpoint variables for Matrix, Mattermost, IRC, or Synology-related connectors and redirect runtime traffic away from the operator-configured endpoint.
Fix
Workspace .env loading now blocks those endpoint variables, including per-account Matrix homeserver suffixes and generic base-url/API-host style overrides. Trusted global runtime dotenv loading remains separate.
Fix Commit(s)
- 0623079e98abf7202591f1b04a89755eb7ec9272
Verification
- The fix commit is contained in the public v2026.4.22 tag.
- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.
- Focused regression coverage for this path passed before publication.
OpenClaw thanks @qi-scape for reporting.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2026.4.21"
},
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.4.22"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-45003"
],
"database_specific": {
"cwe_ids": [
"CWE-427",
"CWE-610"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-04T20:22:15Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "## Summary\nWorkspace dotenv files cannot override connector endpoint hosts.\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: \u003c= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nA workspace .env file could set connector endpoint variables for Matrix, Mattermost, IRC, or Synology-related connectors and redirect runtime traffic away from the operator-configured endpoint.\n\n## Fix\nWorkspace .env loading now blocks those endpoint variables, including per-account Matrix homeserver suffixes and generic base-url/API-host style overrides. Trusted global runtime dotenv loading remains separate.\n\n## Fix Commit(s)\n- 0623079e98abf7202591f1b04a89755eb7ec9272\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nOpenClaw thanks @qi-scape for reporting.",
"id": "GHSA-55cf-xx38-4p9p",
"modified": "2026-05-19T15:56:37Z",
"published": "2026-05-04T20:22:15Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-55cf-xx38-4p9p"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45003"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/0623079e98abf7202591f1b04a89755eb7ec9272"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-connector-endpoint-host-override-via-workspace-dotenv-files"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw: Workspace dotenv files cannot override connector endpoint hosts"
}
No mitigation information available for this CWE.
CAPEC-219: XML Routing Detour Attacks
An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Adversary in the Middle type attacks (CAPEC-94). The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of their choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.