Path Traversal

An authenticated user can bypass the admin-configured `excluded_paths` security control in `jupyterlab-git` versions up to 0.53.0 by exploiting a case-sensitivity flaw on case-insensitive filesystems (e.g., macOS APFS, Windows NTFS), allowing unauthorized read access to git history and file content in explicitly excluded directories.

PraisonAI's template loader is vulnerable to a path traversal flaw (GHSA-f44v-7qgw-9gh9) when processing GitHub template URIs, allowing an unauthenticated attacker to write arbitrary files or delete arbitrary directories on the system running PraisonAI, leading to corruption of user configuration, project state, or application data.

A critical vulnerability in PraisonAI's `multiedit` tool, affecting versions prior to 4.6.61, enables threat actors to achieve arbitrary file read and write capabilities by influencing LLM agent tool arguments, leading to sensitive data exfiltration and potential remote code execution.

Banana Slides version 0.4.0 contains a path traversal vulnerability (CVE-2026-49136) in the generate_image() function that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplete path prefix check.

Open ISES Project 3.30A is vulnerable to path traversal (CVE-2018-25408), allowing unauthenticated attackers to download arbitrary files by manipulating the filename parameter in the ajax/download.php endpoint, potentially exposing configuration and system files.

xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability (CVE-2026-10108) in the GET /music/{file_path:path} endpoint, allowing unauthenticated attackers to read arbitrary files outside the intended music directory by exploiting an incomplete path prefix check.

Gotenberg is vulnerable to path traversal (CVE-2026-44829) due to improper sanitization of filenames in zip archives, allowing attackers to write files outside the intended extraction directory by using Windows-style path separators (backslashes) in uploaded filenames, affecting versions up to 8.32.0.

DreamMaker by Interinfo is vulnerable to arbitrary file read via relative path traversal, allowing unauthenticated attackers to download arbitrary system files.

The compliance-trestle application is vulnerable to arbitrary file write via path traversal; the `-o/--output` argument in `trestle author jinja` allows writing files outside the intended workspace due to improper validation of path traversal characters, leading to potential CI/CD compromise or local code execution by overwriting sensitive files such as `.github/workflows/*.yml` or `.git/hooks/*`.

A path traversal vulnerability exists in KubeVirt's virt-exportserver component, where an attacker with namespace-level access can exploit this flaw by creating a symbolic link within an exported filesystem PVC to read arbitrary files from the exporter pod, leading to information disclosure.

Taipy 4.1.1 contains a path traversal vulnerability (CVE-2026-48544) in the ElementLibrary.get_resource() method that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check, enabling unauthorized file access outside the intended library directory.

IBM InfoSphere Optim Test Data Fabrication versions 1.0.0 through 1.0.2.7 are susceptible to a path traversal vulnerability (CVE-2026-3366), allowing a remote attacker to send a specially crafted URL request containing 'dot dot' sequences (/../) to view arbitrary files on the system.

IBM Langflow OSS versions 1.0.0 through 1.9.1 are vulnerable to remote code execution (CVE-2026-7524) due to improper validation of symbolic links during archive extraction, potentially allowing an attacker to execute arbitrary code on the system.

Casdoor version 3.54.1 is vulnerable to a path traversal attack, allowing arbitrary file writes on the system, with a public exploit available.

The tmp npm package contains a path traversal vulnerability (CVE-2026-44705) that allows writing files outside the intended temporary directory when untrusted data flows into the `prefix`, `postfix`, or `dir` options, leading to arbitrary file creation.

Kirby CMS versions 5.3.0 through 5.4.0 are vulnerable to pre-authentication path traversal, allowing an attacker to include arbitrary PHP files with the filename `index.php`, potentially leading to sensitive information disclosure or malicious actions due to insufficient validation of the provided user ID during user lookup.

A path traversal vulnerability (CVE-2026-9550) exists in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0, allowing remote attackers to access sensitive files by manipulating the path argument in the /SubstationWEBV2/app/..;/main/upfile component.

CVE-2025-51480 is a path traversal vulnerability in ONNX 1.17.0 that allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences.

CVE-2025-14575 describes an uncontrolled search path element vulnerability in the Qt Network OpenSSL TLS backend, allowing for the loading of rogue CA certificates, potentially leading to man-in-the-middle attacks.

Multiple vulnerabilities exist in Trend Micro products, including TrendAI Apex One, potentially allowing authenticated attackers to tamper with files, distribute malicious code, or escalate privileges; CVE-2026-34926 is being actively exploited.

A path traversal vulnerability (CVE-2025-3465) in ABB CoreSense HM and CoreSense M10 allows unauthenticated local users to access restricted directories, potentially leading to system compromise and information exposure; patch to CoreSense™ HM v2.3.4 and CoreSense™ M10 v1.4.1.31.

The `pullArtifact` methods in `Registry` and `OCILayout` use the `org.opencontainers.image.title` annotation from a pulled manifest as a filename, resolving it against the caller supplied output directory without normalization or a containment check, allowing a manifest publisher to write blobs outside of the intended target directory.

A path traversal vulnerability exists in zrok copy (CVE-2026-45576) where an attacker-controlled WebDAV or zrok drive can write files outside the destination root by manipulating the DAV `href` response.

Summarize versions prior to 0.15.1 are vulnerable to path traversal in the /v1/summarize daemon endpoint, allowing authenticated callers to write files to arbitrary directories via the slidesDir request parameter and subsequently delete files.

DumbAssets version 1.0.11 is vulnerable to a path traversal vulnerability in the POST /api/delete-file endpoint, allowing unauthenticated attackers to delete arbitrary files, including critical files like server.js or package.json, resulting in denial of service.

An unauthenticated path traversal vulnerability exists in CloakBrowser's cloakserve component (versions 0.3.27 and earlier) where a crafted fingerprint query parameter with path traversal sequences can be used to delete arbitrary directories accessible to the service user (CVE-2026-45727).

Dify version 1.14.1 and prior contain a path traversal vulnerability (CVE-2026-41948) that allows authenticated users to manipulate requests to the Plugin Daemon's internal REST API and access internal endpoints by traversing out of their authorized tenant path.

adenhq hive versions up to 0.11.0 are vulnerable to path traversal via manipulation of the _read_events_tail function in core/framework/server/routes_sessions.py, allowing a remote attacker to potentially access sensitive files.

A remote path traversal vulnerability exists in fishaudio Bert-VITS2's Gradio Interface, allowing attackers to manipulate the data_dir argument in the generate_config function of webui_preprocess.py.

Google Drive for WordPress 2.2 is vulnerable to path traversal (CVE-2018-25326), allowing unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file_name parameter.

WooCommerce CSV Importer 3.3.6 contains a path traversal vulnerability (CVE-2018-25325) that allows registered users to delete arbitrary files by submitting crafted filenames via the delete_export_file AJAX action.

Home Assistant Community Store (HACS) 1.10.0 is vulnerable to a path traversal, allowing unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ endpoint, leading to potential account takeover.

Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field, allowing attackers to access sensitive files, and a stored XSS vulnerability due to improper input sanitization, leading to arbitrary script execution in the context of affected users (CVE-2020-37245).

A path traversal vulnerability in SimpleSAMLphp's casserver module allows remote attackers to read and potentially delete arbitrary files outside the ticket directory by manipulating the ticket parameter in CAS validation requests, impacting confidentiality and integrity.

Pipecat's development runner has a path traversal vulnerability in the `/files` endpoint due to lack of input validation when handling the filename parameter, allowing an unauthenticated attacker with network access to read arbitrary files on the server using `%2F`-encoded separators.

A path traversal vulnerability exists in the OneNote importer of Joplin versions 3.5.6 and earlier. By importing a crafted .one file, an attacker can overwrite arbitrary files on the disk, potentially leading to privilege escalation and remote code execution. The vulnerability stems from the lack of sanitization of embedded file names within the OneNote converter, allowing filenames containing directory traversal sequences like `../../`.

The Quick Playground plugin for WordPress, versions up to 1.3.3, is vulnerable to a path traversal vulnerability (CVE-2026-6403) in the qckply_zip_theme() function, allowing unauthenticated attackers to create ZIP archives containing arbitrary server files, including wp-config.

Multiple path traversal vulnerabilities exist in go-billy, particularly affecting the `osfs.ChrootOS` implementation, where crafted paths can escape intended base directories due to insufficient path sanitization and boundary enforcement; users requiring stronger security should upgrade to v6 and use `os.Root`.

CVE-2026-6282 describes a potential improper file path validation vulnerability in Lenovo Personal Cloud Storage devices, allowing a remote authenticated user to move or access files belonging to other users.

A local file inclusion (LFI) vulnerability exists in the esbuild plugin's handling of the `browser` field in `package.json` within esm.sh, allowing an attacker to publish a malicious npm package that causes the server to read arbitrary files from the host filesystem.

SillyTavern versions 1.17.0 and earlier contain a path traversal vulnerability, CVE-2026-44650, in the `/api/extensions/delete` endpoint (and others), allowing an unauthenticated user to delete the entire extensions directory by providing '.' as the extension name, leading to data loss and potential remote exploitation via chaining with CVE-2025-59159.

Heym before 0.0.21 is vulnerable to path traversal, allowing authenticated users to write attacker-controlled files to arbitrary locations by exploiting the unvalidated filename parameter in the upload_file() handler (CVE-2026-45225).

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are vulnerable to a path traversal (CVE-2026-34653) allowing authenticated administrators to read and write arbitrary files.

ROS# versions prior to V2.2.2 are vulnerable to path traversal (CVE-2026-41551) due to insufficient sanitization of user input, potentially enabling remote attackers to read arbitrary files.

Crabbox versions before 0.9.0 contain a path traversal vulnerability (CVE-2026-45224) in the Islo provider's workspace path resolution, allowing attackers to cause arbitrary file deletion and overwrite by crafting malicious .crabbox.yaml files with traversal sequences when sync.delete is enabled.

The FileSystemLoader in python-liquid versions before 2.2.0 allows malicious template authors to read arbitrary files outside the search paths via the `{% include %}` and `{% render %}` tags by using absolute paths; this is resolved in version 2.2.0 by checking for absolute paths in the `resolve_path()` method.

Open WebUI is vulnerable to path traversal (CVE-2026-44565), allowing attackers to upload files to arbitrary locations on the web server's filesystem and subsequently delete them due to insufficient filename sanitization in the `/ollama/models/upload` API endpoint.

PraisonAI versions 2.7.2 through 4.6.35 are vulnerable to an arbitrary file write due to improper validation of symlinks during archive extraction, affecting `recipe pull`, `recipe publish`, and `recipe unpack` flows.

PraisonAI's MCP server is vulnerable to path traversal leading to arbitrary code execution by writing a Python `.pth` file into the user's site-packages directory, triggered via poisoned LLM contexts or unauthenticated HTTP-stream transports due to unvalidated kwargs in the dispatcher and lack of containment checks in file-handling tools.

A remote, anonymous attacker can exploit multiple vulnerabilities in Red Hat Hardened Images RPMs to cause a denial-of-service condition and possibly manipulate data or perform path traversal attacks.

n8n-mcp versions before 2.50.1 are vulnerable to path traversal, redirect-following SSRF, and telemetry payload exposure, potentially leading to sensitive information disclosure and unauthorized access.

A path traversal vulnerability exists in FileBrowser's public share DELETE API allowing unauthenticated attackers with valid share hashes and delete permissions to delete arbitrary files outside the shared directory, leading to unauthorized data loss and potential service disruption.

A path traversal vulnerability (CVE-2026-25705) exists in Rancher's Extensions through the `compressedEndpoint` field in a `UIPlugin` deployment, allowing malicious UI extensions to overwrite Rancher binaries, tamper with cluster state, or write to the host filesystem.

PyLoad versions 0.5.0b3.dev99 and earlier are vulnerable to a path traversal vulnerability in the `set_package_data` function, allowing attackers to write files to arbitrary directories with the privileges of the PyLoad process.

Grav CMS is vulnerable to an unauthenticated path traversal vulnerability within the FormFlash component, allowing attackers to create arbitrary directories and write files, leading to configuration injection and potential denial of service; fixed in version 2.0.0-beta.2.

A path traversal vulnerability in `@evomap/evolver` allows a malicious A2A Hub to overwrite project files, leading to remote code execution when a user fetches a malicious skill.

The django-s3file package is vulnerable to relative path traversal attacks via the S3FileMiddleware component, allowing attackers to bypass pre-signed upload locations and potentially leading to unauthorized file access and modification.

A path traversal vulnerability exists in the Langflow Knowledge Bases API (`DELETE /api/v1/knowledge_bases`) that allows an authenticated attacker to delete arbitrary directories on the server's filesystem, leading to data loss and potential service disruption.

Jupyter Server version 2.17.0 and earlier is vulnerable to a path traversal vulnerability due to an insufficient check on the root directory, allowing an authenticated user to access, read, write, and delete content outside the server's root directory in sibling directories that share the same prefix as the root directory, potentially leading to privilege escalation in multi-tenant environments.

OpenClaw before 2026.4.10 is vulnerable to an arbitrary file read via specially crafted QQBot media tags, allowing attackers to disclose local files through outbound media handling.

The Forminator Forms WordPress plugin is vulnerable to an unauthenticated path traversal that allows reading arbitrary files on the server when specific features are enabled.

A path traversal vulnerability exists in the create_notebook/read_notebook/edit_cell/add_cell functions of server.py in UsamaK98's python-notebook-mcp, allowing remote attackers to access arbitrary files.

A path traversal vulnerability exists in Axle-Bucamp MCP-Docusaurus versions up to commit 404bc028e15ec304c9a045528560f4b5f27a17e0, allowing remote attackers to access sensitive files by manipulating the DOCS_DIR/path argument in specific functions.

RTGS2017 NagaAgent up to version 5.1.0 is vulnerable to path traversal via manipulation of the 'Name' argument in the Skills Endpoint, potentially leading to unauthorized file access.

OpenMRS versions 2.7.8 and earlier, as well as versions 2.8.0 through 2.8.5, are vulnerable to a path traversal (Zip Slip) attack via the `POST /openmrs/ws/rest/v1/module` endpoint that allows authenticated attackers to achieve arbitrary file write and remote code execution.

A path traversal vulnerability exists in Flux159 mcp-game-asset-gen version 0.1.0, where manipulation of the `statusFile` argument in the `image_to_3d_async` function allows for remote exploitation.

A path traversal vulnerability exists in Fujian Apex LiveBOS version 2.0 and earlier, allowing remote attackers to read arbitrary files by manipulating the filename argument in the /feed/UploadImage.do endpoint.

A path traversal vulnerability in ABB PCM600 versions 1.5 to 2.13 (CVE-2018-1002208) allows a local attacker with low privileges to execute arbitrary code by sending a specially crafted message to the system node.

CVE-2026-34978 is a path traversal vulnerability in OpenPrinting CUPS that allows writing files outside the CacheDir/rss directory, potentially overwriting the job.cache file.

A relative path traversal vulnerability exists in getsimpletool mcpo-simple-server <= 0.2.0, allowing remote attackers to delete arbitrary files via manipulation of the `detail` argument in the `delete_shared_prompt` function.

A path traversal vulnerability exists in fatbobman mail-mcp-bridge version 1.3.3 and earlier, allowing a remote attacker to read arbitrary files by manipulating the message_ids argument in the src/mail_mcp_server.py file.

A path traversal vulnerability exists in eiceblue spire-pdf-mcp-server version 0.1.1, allowing remote attackers to access arbitrary files via manipulation of the filepath argument in the get_pdf_path function.

A path traversal vulnerability exists in eiceblue spire-doc-mcp-server version 1.0.0, allowing a remote attacker to access arbitrary files by manipulating the 'document_name' argument in the 'get_doc_path' function.

Elinsky execution-system-mcp 0.1.0 is vulnerable to path traversal via manipulation of the context argument in the _get_context_file_path function, allowing remote attackers to access sensitive files.

A path traversal vulnerability exists in douinc mkdocs-mcp-plugin up to version 0.4.1, allowing remote attackers to access unauthorized files through manipulation of the docs_dir/file_path argument in the read_document/list_documents functions within server.py.

A path traversal vulnerability (CVE-2026-7237) exists in AgiFlow scaffold-mcp versions up to 1.0.27, allowing remote attackers to write to arbitrary files by manipulating the file_path argument in the write-to-file tool.

A path traversal vulnerability (CVE-2026-7234) exists in BrowserOperator browser-operator-core up to version 0.6.0, allowing remote attackers to read arbitrary files by manipulating the request.url argument in the startsWith function of scripts/component_server/server.js.

A path traversal vulnerability (CVE-2026-7214) exists in eghuzefa's engineer-your-data up to version 0.1.3, allowing remote attackers to read or write arbitrary files by manipulating the WORKSPACE_PATH argument.

A path traversal vulnerability exists in edvardlindelof notes-mcp up to version 0.1.4, affecting the notes_mcp.py file, allowing a remote attacker to access sensitive files by manipulating the `root_dir/path` argument.

A path traversal vulnerability exists in the `search_papers` function of `src/main.py` in duartium papers-mcp-server version 9ceb3812a6458ba7922ca24a7406f8807bc55598, allowing remote attackers to read arbitrary files by manipulating the `topic` argument, with a public exploit available.

CVE-2026-7036 is a path traversal vulnerability affecting the R7WebsSecurityHandlerfunction in the HTTP Handler component of Tenda i9 version 1.0.0.5(2204), allowing remote attackers to access sensitive files.

Radare2 versions prior to 6.1.4 are vulnerable to a path traversal in project deletion, allowing local attackers to recursively delete arbitrary directories by escaping the 'dir.projects' root, leading to integrity and availability loss.

SiYuan is vulnerable to path traversal via double URL encoding in the `/export/` endpoint, bypassing an incomplete fix for CVE-2026-30869; an authenticated attacker can exploit this vulnerability to traverse directories and read arbitrary workspace files, including the SQLite database (`siyuan.db`), kernel log, and user documents due to a redundant `url.PathUnescape()` call in `serveExport()`.

A local attacker can exploit a path traversal vulnerability in InstructLab by manipulating the `logs_dir` parameter, leading to arbitrary file creation and modification.

WWBN AVideo versions 29.0 and below contain a path traversal vulnerability (CVE-2026-41058) in the CloneSite functionality, allowing unauthenticated attackers to delete arbitrary files via manipulation of the `deleteDump` parameter.

Hermes WebUI is vulnerable to arbitrary file deletion via path traversal in the /api/session/delete endpoint due to insufficient validation of the session_id parameter, allowing authenticated attackers to delete writable JSON files on the host system.

A critical unauthenticated path traversal vulnerability (CVE-2026-40050) in CrowdStrike LogScale allows remote attackers to read arbitrary files from the server filesystem if a specific cluster API endpoint is exposed, necessitating immediate patching for self-hosted customers.

Unpatched JetBrains TeamCity servers are being actively exploited via an authentication bypass (CVE-2024-27198) and path traversal vulnerability (CVE-2024-27199), allowing attackers to perform administrative actions and potentially conduct supply-chain attacks.

A path traversal vulnerability in Apktool versions 3.0.0 and 3.0.1 allows a malicious APK file to write arbitrary files to the filesystem during decoding, potentially leading to remote code execution.

TeamT5's ThreatSonar Anti-Ransomware is vulnerable to arbitrary file deletion via path traversal, allowing authenticated remote attackers with web access to delete arbitrary files on the system.

KodExplorer up to version 4.52 is vulnerable to a path traversal attack via manipulation of the path argument in the share.class.php::initShareOld function, potentially allowing remote attackers to access sensitive files.

An authenticated user with CREATE FUNCTION privileges can exploit a path traversal vulnerability in Firebird versions prior to 5.0.4, 4.0.7, and 3.0.14, to load an arbitrary shared library leading to code execution as the server's OS account.

ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed, allowing attackers to write files outside the intended custom-agent directory.

OCaml opam before 2.5.1 is vulnerable to path traversal via a crafted .install file, potentially allowing attackers to overwrite arbitrary files.

Multiple critical vulnerabilities in CISCO ISE (CVE-2026-20186, CVE-2026-20147, CVE-2026-20180) allow remote attackers with low privileges to execute arbitrary commands, potentially escalating privileges to root and causing denial-of-service.

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to arbitrary file read due to insufficient path traversal sanitization, allowing authenticated attackers to read sensitive files from the WordPress host.

Weblate versions before 5.17 are vulnerable to path traversal due to improper verification of downloaded files in the ZIP download feature, potentially allowing attackers to access files outside the intended repository.

Zarf is vulnerable to path traversal due to insufficient sanitization of the Metadata.Name field in package manifests when using the `zarf package inspect sbom` or `zarf package inspect documentation` commands, potentially leading to arbitrary file write.

A path traversal vulnerability (CVE-2026-34619) in Adobe ColdFusion versions 2023.18, 2025.6, and earlier allows an attacker to bypass security features and access unauthorized files or directories without user interaction.

A path traversal vulnerability (CVE-2026-39813) in Fortinet FortiSandbox versions 5.0.0 through 5.0.5 and 4.4.0 through 4.4.8 may allow an unauthenticated attacker to escalate privileges via '../filedir'.

A path traversal vulnerability in UniFi Play devices allows an attacker with network access to write arbitrary files, leading to remote code execution.

A path traversal vulnerability in Helm versions 4.0.0 to 4.1.3 allows a malicious plugin to write files to arbitrary locations on the filesystem, leading to potential system compromise.

A path traversal vulnerability (CVE-2026-31939) in Chamilo LMS versions prior to 1.11.38 allows authenticated attackers to delete arbitrary files via unsanitized user input in the 'test' parameter of savescores.php.

OpenClaw before 2026.3.24 is vulnerable to path traversal, allowing sandboxed agents to read arbitrary files from other agents' workspaces via manipulated URL parameters.

The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal, allowing authenticated attackers with subscriber-level access to overwrite arbitrary files on the server with a fixed PHP docblock content, potentially causing denial of service.

AGiXT versions prior to 1.9.2 are vulnerable to path traversal (CVE-2026-39981) due to insufficient validation in the safe_join() function, allowing authenticated attackers to read, write, or delete arbitrary files.

A path traversal vulnerability exists in The Sleuth Kit through 4.14.0 (tsk_recover), enabling attackers to write files to arbitrary locations via crafted filenames with path traversal sequences in a filesystem image, potentially leading to code execution.

CVE-2026-33466 describes a vulnerability in Logstash where improper validation of file paths within compressed archives allows arbitrary file writes, potentially leading to remote code execution.

Emmett web framework versions 2.5.0 to before 2.8.1 are vulnerable to path traversal attacks (CVE-2026-39847), allowing attackers to read arbitrary files outside the intended assets directory using manipulated URLs.

A path traversal vulnerability in ChurchCRM versions prior to 6.5.3 allows authenticated administrators to upload arbitrary files, leading to remote code execution by overwriting Apache .htaccess files.

text-generation-webui versions prior to 4.1.1 are vulnerable to path traversal, allowing a high-privileged user to overwrite Python files and achieve arbitrary code execution by triggering the 'download-model.py' file through the application's 'Model' menu.

A path traversal vulnerability exists in prompts.chat prior to commit 0f8d4c3, allowing attackers to write arbitrary files to the client system by crafting malicious ZIP archives with unsanitized filenames.

The goshs application is vulnerable to unauthenticated path traversal (CVE-2026-35471) due to a missing return statement in the `deleteFile()` function, allowing attackers to delete arbitrary files and directories using a crafted GET request.

A Zip Slip vulnerability in coder/code-marketplace allows authenticated users to upload malicious VSIX files containing path traversal entries, leading to arbitrary file writes outside the extension directory and potentially enabling persistence.

Emlog versions 2.6.2 and prior are vulnerable to path traversal via crafted ZIP uploads, allowing authenticated admins to write arbitrary files and achieve remote code execution.

A path traversal vulnerability exists in Budibase versions prior to 3.33.4, allowing attackers with Global Builder privileges to delete arbitrary directories and write arbitrary files via crafted plugin uploads.

The Perfmatters plugin for WordPress versions up to 2.5.9.1 is vulnerable to arbitrary file deletion via path traversal, allowing authenticated attackers with minimal privileges to delete sensitive files.

Endian Firewall versions 3.3.25 and prior allow authenticated users to delete arbitrary files due to a path traversal vulnerability in the `remove ARCHIVE` parameter of the `/cgi-bin/backup.cgi` script, leading to unauthorized file system modification.

A path traversal vulnerability in SillyTavern versions 1.16.0 and earlier allows an authenticated attacker to read and delete arbitrary files under their user data root by manipulating the avatar_url parameter in the `/api/chats/export` and `/api/chats/delete` endpoints.

Tina CMS versions before 2.2.2 are vulnerable to a path traversal attack that allows unauthorized file system access due to insufficient validation of symlinks and junction targets in media routes.

A path traversal vulnerability (CVE-2026-5258) exists in Sanster IOPaint 1.5.3, allowing remote attackers to read arbitrary files by manipulating the filename argument in the _get_file function within the File Manager component.

CVE-2025-10559 is a path traversal vulnerability in DELMIA Factory Resource Manager, affecting versions 3DEXPERIENCE R2023x through R2025x, which allows an attacker with low privileges to read or write files in specific directories on the server, potentially leading to information disclosure or code execution.

A path traversal vulnerability (CVE-2026-32727) in SciTokens library versions prior to 1.9.7 allows attackers to bypass intended directory restrictions using dot-dot sequences in the scope claim of a token due to improper path normalization.

A path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root by manipulating the relativePath parameter in GraphQL mutations, leading to potential arbitrary code execution.

CVE-2026-2328 describes a vulnerability where an unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, leading to the exposure of sensitive information.

A path traversal vulnerability in LangChain Core's legacy `load_prompt` functions allows attackers to read arbitrary files by injecting malicious paths into prompt configurations.

The @mobilenext/mobile-mcp package before version 0.0.49 is vulnerable to a Path Traversal vulnerability in the mobile_save_screenshot and mobile_start_screen_recording tools where the `saveTo` and `output` parameters are passed directly to filesystem operations without validation, potentially allowing an attacker to write files outside the intended workspace, leading to privilege escalation and persistence by overwriting sensitive host files.

The 'POST /api/v2/files' endpoint is vulnerable to path traversal due to improper sanitization of the 'filename' parameter, potentially allowing attackers to write files to arbitrary locations on the filesystem and achieve remote code execution.

A path traversal vulnerability exists in Sharp CMS versions prior to 9.20.0 due to improper sanitization of file extensions, potentially allowing attackers to bypass security restrictions and access sensitive files.

A path traversal vulnerability in Langflow versions before 1.7.1 allows unauthenticated attackers to read sensitive files via the download_profile_picture endpoint due to insufficient filtering of the folder_name and file_name parameters.

CVE-2025-60946 details a vulnerability in Census CSWeb 8.0.1, where arbitrary file path input is permitted, allowing a remote, authenticated attacker to access unintended file directories.

A path traversal vulnerability exists in Spring Cloud Config Server versions 3.1.x before 3.1.13, 4.1.x before 4.1.9, 4.2.x before 4.2.3, 4.3.x before 4.3.2, and 5.0.x before 5.0.2, allowing unauthenticated remote attackers to access files outside configured search directories when using the native file system backend.

The Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter, allowing arbitrary file reads from the resolver pod's filesystem, including ServiceAccount tokens.

Salvo web framework versions 0.39.0 through 0.89.2 are vulnerable to Path Traversal and Access Control Bypass, allowing unauthenticated external attackers to bypass proxy routing constraints and access unintended backend paths.

A combination of path traversal (CVE-2026-22557) and NoSQL injection (CVE-2026-22558) vulnerabilities in the UniFi Network Application allows attackers to access files, escalate privileges, and potentially compromise the entire system.

A path traversal vulnerability exists in the `fetch` command of `@evomap/evolver` due to insufficient validation of the `--out` flag, allowing attackers to write files to arbitrary locations on the filesystem, potentially leading to overwriting critical system files and privilege escalation.

Open WebUI version 0.1.105 is vulnerable to arbitrary file upload and path traversal, allowing attackers to upload files to arbitrary locations on the web server's filesystem by exploiting a lack of filename validation.

CVE-2024-57728 is a path traversal vulnerability in SimpleHelp that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file, potentially leading to arbitrary code execution.

A path traversal vulnerability in Samsung MagicINFO 9 Server could allow an attacker to write arbitrary files with system privileges, potentially leading to code execution or system compromise.

Electerm versions prior to 3.7.16 are vulnerable to path traversal, leading to arbitrary code execution through unsanitized widget identifiers.

A relative path traversal vulnerability in JetBrains TeamCity (CVE-2024-27199) could allow limited administrative actions and has been linked to ransomware attacks.

CVE-2024-1708 is a path traversal vulnerability in ConnectWise ScreenConnect that could allow an attacker to execute remote code or directly impact confidential data and critical systems.

Kentico Xperience contains a path traversal vulnerability (CVE-2025-2749) that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations, potentially leading to remote code execution or data compromise.

A path traversal vulnerability exists in gix and gitoxide where unvalidated submodule names from `.gitmodules` can be used to escape the `.git/modules` directory, potentially leading to repository confusion by redirecting submodule state inspection and open operations to attacker-controlled paths.

Versions of i18next-http-middleware before 3.9.3 are vulnerable to prototype pollution, path traversal, and server-side request forgery (SSRF) due to improper validation of user-controlled language and namespace parameters, potentially leading to denial of service or remote code execution.

i18next-fs-backend versions before 2.6.4 are vulnerable to path traversal due to insufficient sanitization of the lng and ns values, potentially allowing attackers to read arbitrary files, overwrite files, or execute code if .js or .ts locale files are in use.

A path traversal vulnerability exists in Mako versions 1.3.11 and earlier on Windows, allowing attackers to read arbitrary files outside the configured template directory by using backslashes in URIs to bypass directory traversal checks.

Note Mark is vulnerable to arbitrary file write via path traversal in asset names, leading to remote code execution by overwriting system binaries such as /bin/bash.

A path traversal vulnerability exists in the prepare_kaggle_dataset function of kaggle-mcp up to version 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d, allowing remote attackers to access arbitrary files by manipulating the competition_id argument.

A path traversal vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory via insufficient validation of reference paths in reference creation, rename, and delete operations.

Xerte Online Toolkits 3.15 and earlier are vulnerable to relative path traversal, allowing attackers to move files and potentially achieve remote code execution.

A path traversal vulnerability exists in pygeoapi versions 0.23.0 to 0.23.2 within the STAC FileSystemProvider plugin, allowing unauthenticated access to directories when deployed without a URL-normalizing proxy.

A path traversal vulnerability exists in WilliamCloudQi matlab-mcp-server up to version ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca, allowing a remote attacker to manipulate the scriptPath argument in the generate_matlab_code/execute_matlab_code function to access arbitrary files.

CVE-2026-5166 is a path traversal vulnerability affecting TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center before version 1.0.3, allowing attackers to bypass directory restrictions.

OpenMRS Core versions 2.7.8 and earlier, as well as versions 2.8.0 through 2.8.5, contain a path traversal vulnerability in the ModuleResourcesServlet, allowing an unauthenticated attacker to read arbitrary files from the server filesystem by manipulating the URL.

A path traversal vulnerability in MindsDB versions prior to 25.9.1.1 allows an attacker to achieve remote code execution by uploading a malicious payload and triggering its execution.

MCPHub is vulnerable to path traversal, where a malicious MCPB file with a crafted manifest.name can cause files to be extracted to arbitrary locations due to missing sanitization in the upload handler.

A vulnerability in gix's submodule name validation allows path traversal via a crafted .gitmodules file, combined with a trust inheritance flaw in Submodule::open(), enabling arbitrary git repository config reading, including credentials, with full trust.

A path traversal vulnerability in florensiawidjaja BioinfoMCP allows remote attackers to write arbitrary files via manipulation of the 'Name' argument in the Upload function of app.py.

AzuraCast is vulnerable to path traversal in the Flow.js media upload endpoint, allowing authenticated users with media permissions to write arbitrary files, leading to remote code execution via PHP webshell upload.

A path traversal vulnerability exists in the is_safe_path function of the MCP File Handler component in 54yyyu code-mcp, allowing remote attackers to access sensitive files.

A path traversal vulnerability exists in ef10007 MLOps_MCP version 1.0.0, allowing a remote attacker to manipulate the 'filename/destination' argument in the 'save_file Tool' component's 'fastmcp_server.py' file.

Microsoft APM CLI version 0.8.11 and earlier are vulnerable to path traversal, allowing a malicious plugin to copy arbitrary readable host files during installation by manipulating paths in the plugin.json file.

mcp-ssh-tool versions 2.1.0 and earlier have a policy bypass in transfer path handling and expose a timing side channel in bearer-token comparison for HTTP deployments, addressed in version 2.1.1.

A path traversal vulnerability exists in geekgod382 filesystem-mcp-server version 1.0.0 allowing remote attackers to access unauthorized files due to insufficient path validation in the is_path_allowed function.

fast-uri versions 3.1.0 and earlier are vulnerable to path traversal due to decoding percent-encoded path separators and dot segments before dot-segment removal, potentially leading to bypasses of path-based policy enforcement.

Detect-It-Easy versions prior to 3.21 are vulnerable to path traversal, allowing attackers to write arbitrary files to the filesystem and potentially achieve code execution by crafting malicious archive entries.

A symlink-following path traversal vulnerability exists in apko versions prior to 1.2.5 allowing a malicious .apk file to create a symbolic link pointing outside the build root and subsequently modify files on the host system.