CWE-426 — Untrusted Search Path
528 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE.
CVEs classified under CWE-426 (page 11 of 11)
- CVE-2026-0662 | HIGH | CVSS 7.8 | EG 7.8 | 2026-02-04
  A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead to execution of arbitrary code in the context of the current process due to an Untrusted Search Path being utilized.
- CVE-2026-20943 | HIGH | CVSS 7.0 | EG 7.0 | 2026-01-13
  Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2026-21280 | HIGH | CVSS 8.6 | EG 8.6 | 2026-01-13
  Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical…
- CVE-2026-21508 | HIGH | CVSS 7.0 | EG 7.0 | 2026-02-10
  Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally.
- CVE-2026-23512 | HIGH | CVSS 8.6 | EG 8.6 | 2026-01-14
  SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is an Untrusted Search Path vulnerability when the Advanced Options setting is triggered. The application executes notepad.exe without specifying an absolute path when u…
- CVE-2026-23888 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-01-26
  pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's binary fetcher allows malicious packages to write files outside the intended extraction directory. The vulnerability has two attack vectors: (1) …
- CVE-2026-24051 | HIGH | CVSS 7.0 | EG 7.0 | 2026-02-02
  OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in versions v1.20.0-1.39.0 is vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin systems. The resource detection code in sdk/resource/ho…
- CVE-2026-24070 | HIGH | CVSS 8.8 | EG 8.8 | 2026-02-02
  During the installation of the Native Access application, a privileged helper `com.native-instruments.NativeAccess.Helper2`, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permission…
- CVE-2026-2516 | HIGH | CVSS 7.0 | EG 7.0 | 2026-02-15
  A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locall…
- CVE-2026-2538 | HIGH | CVSS 7.0 | EG 7.0 | 2026-02-16
  A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path. Attacking locally is a re…
- CVE-2026-2542 | HIGH | CVSS 7.0 | EG 7.0 | 2026-02-16
  A weakness has been identified in Total VPN 0.5.29.0 on Windows. Affected by this vulnerability is an unknown functionality of the file C:\Program Files\Total VPN\win-service.exe. Executing a manipulation can lead to unquoted search path. …
- CVE-2026-25880 | HIGH | CVSS 7.8 | EG 7.8 | 2026-02-09
  SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary (explorer.exe) located in the same directory as the opened PDF when the user clicks File → “Show in folder”.…
- CVE-2026-25992 | HIGH | CVSS 7.5 | EG 7.5 | 2026-02-10
  SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can…
- CVE-2026-27290 | HIGH | CVSS 8.6 | EG 8.6 | 2026-04-14
  Adobe Framemaker versions 2022.8 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate cr…
- CVE-2026-30906 | HIGH | CVSS 7.8 | EG 7.8 | 2026-05-13
  Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.
- CVE-2026-35368 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-22
  A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam() after entering the chroot but before dropping root privileges. On glibc-based sys…
- CVE-2026-35603 | HIGH | CVSS 7.3 | EG 7.3 | 2026-04-17
  Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access p…
- CVE-2026-3780 | HIGH | CVSS 7.3 | EG 7.3 | 2026-04-01
  The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same…
- CVE-2026-39883 | HIGH | CVSS 7.0 | EG 7.0 | 2026-04-08
  OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH …
- CVE-2026-40156 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-10
  PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.spec_fr…
- CVE-2026-40287 | HIGH | CVSS 8.4 | EG 8.4 | 2026-04-14
  PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working directory. Components including call.py (impor…
- CVE-2026-40947 | LOW | CVSS 2.9 | EG 2.9 | 2026-04-16
  Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path.
- CVE-2026-42830 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-05-12
  Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
- CVE-2026-44477 | CRITICAL | CVSS 9.9 | EG 9.9 | 2026-05-28
  CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local …
- CVE-2026-45721 | CRITICAL | CVSS 9.0 | EG 9.0 | 2026-05-19
  Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is asked for any URL path that resolves to a directory without an index file, DirPage walks upward through parent directories — past the configured ser…
- CVE-2026-45772 | CRITICAL | CVSS 9.8 | EG 9.8 | 2026-05-15
  Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code execution when run in untrusted repositories that contain malicious Yarn confi…
- CVE-2026-6421 | HIGH | CVSS 7.0 | EG 7.0 | 2026-04-17
  A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown part in the library msimg32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The attack is…
- CVE-2026-7309 | MEDIUM | CVSS 4.3 | EG 4.3 | 2026-04-28
  A flaw was found in the OpenShift Container Platform build system. A user with the `edit` ClusterRole can inject arbitrary environment variables, such as `LD_PRELOAD` or `http_proxy`, into `docker-build` containers through the `buildconfig…