VariantIncomplete
CWE-24Path Traversal: '../filedir'
Category: other
Description
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.
Common consequences· 1
- Confidentiality / Integrity — Read Files or Directories, Modify Files or Directories
Potential mitigations· 2
- [Implementation]
- [Implementation]Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
References
(incoming)11
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-1588cve-2025-1588 | 0% | live |
| Vulnerability | CVE-2025-1599cve-2025-1599 | 0% | live |
| Vulnerability | Srimax Output Messenger Directory Traversal Vulnerabilitycve-2025-27920 | 0% | live |
| Vulnerability | CVE-2025-43928cve-2025-43928 | 0% | live |
| Vulnerability | CVE-2025-54769cve-2025-54769 | 0% | live |
| Vulnerability | CVE-2025-60344cve-2025-60344 | 0% | live |
| Vulnerability | CVE-2025-61318cve-2025-61318 | 0% | live |
| Vulnerability | CVE-2025-63298cve-2025-63298 | 0% | live |
| Vulnerability | CVE-2026-22810cve-2026-22810 | 0% | live |
| Vulnerability | CVE-2026-39813cve-2026-39813 | 0% | live |
| Vulnerability | CVE-2026-40318cve-2026-40318 | 0% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.