Variant · Incomplete
CWE-35: Path Traversal: '.../...//'
Category: other
Description
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.
Common consequences · 1
- Confidentiality / Integrity — Read Files or Directories, Modify Files or Directories, Bypass Protection Mechanism. Not properly neutralizing '.../...//' (doubled triple dot slash) allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.
Potential mitigations · 2
- [Implementation]
- [Implementation] Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
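The difference between filtering before canonicalization and validating after it, as an added example that is not part of the CWE entry. The function names are hypothetical and POSIX path semantics are assumed (there, `...` is an ordinary directory name).

```python
import os
import tempfile


def naive_strip(user_path: str) -> str:
    """Weak filter: one sequential pass that deletes every '../' it finds."""
    return user_path.replace("../", "")


def resolve_weak(base: str, user_path: str) -> str:
    """Filters first, then lets the OS resolve whatever the filter left behind."""
    return os.path.realpath(os.path.join(base, naive_strip(user_path)))


def resolve_safe(base: str, user_path: str) -> str:
    """Canonicalizes first, then validates the canonical result against the base."""
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, user_path))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError("path resolves outside the restricted directory")
    return candidate


def is_inside(base: str, path: str) -> bool:
    """True when the canonical form of path lies under the canonical base."""
    base_real = os.path.realpath(base)
    return os.path.commonpath([base_real, os.path.realpath(path)]) == base_real


def demo() -> dict:
    """Runs both resolvers on the CWE-35 sequence inside a constructed temp tree."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "uploads")  # constructed restricted directory
        os.mkdir(base)
        sample = ".../...//report.txt"  # constructed input using the CWE-35 sequence
        return {
            # The filter removes characters 1-3 and 5-7, leaving '../report.txt'.
            "after_filter": naive_strip(sample),
            "weak_stays_inside": is_inside(base, resolve_weak(base, sample)),
            # Unfiltered, '...' is just a directory name, so the path stays inside.
            "safe_stays_inside": is_inside(base, resolve_safe(base, sample)),
        }


if __name__ == "__main__":
    print(demo())
```

The filter itself manufactures the `../` that it was meant to remove, while the canonicalize-then-validate version never needs a deny-list of sequences at all.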
References
(incoming) · 30
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-22786 | 0% | live |
| Vulnerability | CVE-2025-24685 | 0% | live |
| Vulnerability | CVE-2025-24786 | 0% | live |
| Vulnerability | CVE-2025-25122 | 0% | live |
| Vulnerability | CVE-2025-26935 | 0% | live |
| Vulnerability | CVE-2025-27010 | 0% | live |
| Vulnerability | CVE-2025-27222 | 0% | live |
| Vulnerability | CVE-2025-30515 | 0% | live |
| Vulnerability | CVE-2025-39467 | 0% | live |
| Vulnerability | CVE-2025-39470 | 0% | live |
| Vulnerability | CVE-2025-39475 | 0% | live |
| Vulnerability | CVE-2025-39491 | 0% | live |
| Vulnerability | CVE-2025-41723 | 0% | live |
| Vulnerability | CVE-2025-41736 | 0% | live |
| Vulnerability | CVE-2025-42937 | 0% | live |
| Vulnerability | CVE-2025-47649 | 0% | live |
| Vulnerability | CVE-2025-48090 | 0% | live |
| Vulnerability | CVE-2025-49295 | 0% | live |
| Vulnerability | CVE-2025-49296 | 0% | live |
| Vulnerability | CVE-2025-49297 | 0% | live |
| Vulnerability | CVE-2025-52810 | 0% | live |
| Vulnerability | CVE-2025-52811 | 0% | live |
| Vulnerability | CVE-2025-59793 | 0% | live |
| Vulnerability | RARLAB WinRAR Path Traversal Vulnerability (cve-2025-8088) | 0% | live |
| Vulnerability | CVE-2026-20034 | 0% | live |
| Vulnerability | CVE-2026-25705 | 0% | live |
| Vulnerability | CVE-2026-42930 | 0% | live |
| Vulnerability | CVE-2026-45495 | 0% | live |
| Vulnerability | CVE-2026-7302 | 0% | live |
| KEVEntry | RARLAB WinRAR Path Traversal Vulnerability (kev-cve-2025-8088) | 0% | live |