CVEbaza.plSłownik CWECWE-426
Common Weakness Enumeration

CWE-426

Untrusted Search Path

Kategoria: BaseCVE: 730
Opis

Produkt wyszukuje krytyczne zasoby, używając zewnętrznie dostarczonej ścieżki wyszukiwania, która może wskazywać na zasoby niebędące pod bezpośrednią kontrolą produktu. To może pozwolić atakującemu na dostarczenie złośliwych zasobów zamiast oczekiwanych.

Description (EN)

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

Podatności CVE z CWE-426 (730)
9.8
CVSS
CRITICAL
CVE-2025-26155

NCP Secure Enterprise Client 13.18 oraz NCP Secure Entry Windows Client 13.19 zawierają podatność typu Untrusted Search Path (CWE-426), umożliwiającą atakującemu podstawienie złośliwego pliku wykonywalnego lub biblioteki. Podatność otrzymała ocenę CVSS 9.8, co klasyfikuje ją jako krytyczną.

pub. 2025-11-26
9.8
CVSS
CRITICAL
CVE-2024-38462

iRODS w wersjach przed 4.3.2 zawiera funkcję msiSendMail, która w sposób problematyczny zależy od zewnętrznego programu mail w systemie operacyjnym. Podatność sklasyfikowana jako CWE-426 (Untrusted Search Path) pozwala potencjalnie na wykonanie niezaufanego kodu poprzez manipulację ścieżką do wywoływanego pliku binarnego.

pub. 2024-06-16
9.8
CVSS
CRITICAL
CVE-2023-30330

SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerable to Local File Inclusion in the function /se/v42300/generic/gn_defaultframe/2.0/defaultframe_filter.php.

pub. 2023-05-12
9.8
CVSS
CRITICAL
CVE-2022-24826

On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. Similarly, if the malicious repository contains files named `..exe` and `cygpath.exe`, and `cygpath.exe` is not found in `PATH`, the `..exe` program will be executed when certain Git LFS commands are run. More generally, if the current working directory contains any file with a base name of `.` and a file extension from `PATHEXT` (except `.bat` and `.cmd`), and also contains another file with the same base name as a program Git LFS intends to execute (such as `git`, `cygpath`, or `uname`) and any file extension from `PATHEXT` (including `.bat` and `.cmd`), then, on Windows, when Git LFS attempts to execute the intended program the `..exe`, `..com`, etc., file will be executed instead, but only if the intended program is not found in any directory listed in `PATH`. The vulnerability occurs because when Git LFS detects that the program it intends to run does not exist in any directory listed in `PATH` then Git LFS passes an empty string as the executable file path to the Go `os/exec` package, which contains a bug such that, on Windows, it prepends the name of the current working directory (i.e., `.`) to the empty string without adding a path separator, and as a result searches in that directory for a file with the base name `.` combined with any file extension from `PATHEXT`, executing the first one it finds. (The reason `..bat` and `..cmd` files are not executed in the same manner is that, although the Go `os/exec` package tries to execute them just as it does a `..exe` file, the Microsoft Win32 API `CreateProcess()` family of functions have an undocumented feature in that they apparently recognize when a caller is attempting to execute a batch script file and instead run the `cmd.exe` command interpreter, passing the full set of command line arguments as parameters. These are unchanged from the command line arguments set by Git LFS, and as such, the intended program's name is the first, resulting in a command line like `cmd.exe /c git`, which then fails.) Git LFS has resolved this vulnerability by always reporting an error when a program is not found in any directory listed in `PATH` rather than passing an empty string to the Go `os/exec` package in this case. The bug in the Go `os/exec` package has been reported to the Go project and is expected to be patched after this security advisory is published. The problem was introduced in version 2.12.1 and is patched in version 3.1.3. Users of affected versions should upgrade to version 3.1.3. There are currently no known workarounds at this time.

pub. 2022-04-20
9.8
CVSS
CRITICAL
CVE-2022-26184

Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malicious content. This vulnerability occurs when the application is ran on Windows OS.

pub. 2022-03-21
9.8
CVSS
CRITICAL
CVE-2011-4125

A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.

pub. 2021-10-27
9.8
CVSS
CRITICAL
CVE-2020-15801

In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.

pub. 2020-07-17
9.8
CVSS
CRITICAL
CVE-2018-19486

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.

pub. 2018-11-23
9.8
CVSS
CRITICAL
CVE-2017-12414

Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an untrusted search path is used for msimg32.dll, WindowsCodecs.dll, and dwmapi.dll.

pub. 2017-08-03
9.8
CVSS
CRITICAL
CVE-2017-2225

Untrusted search path vulnerability in EbidSettingChecker.exe (version 1.0.0.0) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

pub. 2017-07-07
9.6
CVSS
CRITICAL
CVE-2025-49457

Podatność klasy untrusted search path (CWE-426) w wybranych klientach Zoom dla systemu Windows umożliwia nieuwierzytelnionemu atakującemu przeprowadzenie ataku privilege escalation poprzez dostęp sieciowy. Wysoki wynik CVSS 9.6 i kategoria CRITICAL wskazują na poważne zagrożenie dla środowisk korporacyjnych używających oprogramowania Zoom.

pub. 2025-08-12
9.4
CVSS
CRITICAL
CVE-2026-44477

Podatność w platformie CloudNativePG umożliwia atakującemu z ograniczonym dostępem odzyskanie pełnych uprawnień superużytkownika PostgreSQL, a następnie wykonanie dowolnych poleceń systemowych wewnątrz poda Kubernetes. Ze względu na krytyczny wynik CVSS 9.4 i możliwość przejęcia kontroli nad procesem bazodanowym stanowi poważne zagrożenie dla środowisk produkcyjnych.

pub. 2026-05-28
9.3
CVSS
CRITICAL
CVE-2025-39666

Podatność w Checkmk umożliwia lokalnemu użytkownikowi witryny (site user) eskalację uprawnień do poziomu root. Stanowi poważne zagrożenie dla systemów monitoringu, gdzie przejęcie konta root daje pełną kontrolę nad serwerem.

pub. 2026-04-07
9.3
CVSS
CRITICAL
CVE-2025-65078

W komponencie Embedded Solutions Framework obecnym w różnych urządzeniach Lexmark zidentyfikowano podatność typu untrusted search path. Umożliwia ona zdalnemu atakującemu wykonanie dowolnego kodu bez uwierzytelnienia, co czyni ją zagrożeniem krytycznym.

pub. 2026-02-03
9.3
CVSS
CRITICAL
CVE-2024-58250

Podatność w pluginie passprompt demona pppd w pakiecie ppp przed wersją 2.5.2 polega na nieprawidłowej obsłudze uprawnień (CWE-426 — untrusted search path). Jest to krytyczna luka, ponieważ może umożliwić nieuprzywilejowanemu atakującemu eskalację uprawnień z wpływem na poufność, integralność i dostępność systemu.

pub. 2025-04-22
9.3
CVSS
HIGH
CVE-2015-0096

Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, leading to DLL loading during Windows Explorer access to the icon of a crafted shortcut, aka "DLL Planting Remote Code Execution Vulnerability."

pub. 2015-03-11
9.3
CVSS
HIGH
CVE-2011-5158

Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and DvInesLogFileViewer.Exe components in DATEV Grundpaket Basis CD23.20 allow local users to gain privileges via a Trojan horse (1) DVBSKNLANG101.dll or (2) DvZediTermSrvInfo004.dll file in the current working directory, as demonstrated by a directory that contains a .dmt, .adl, .c02, .dof, or .jrf file. NOTE: some of these details are obtained from third party information.

pub. 2012-09-07
9.3
CVSS
HIGH
CVE-2012-2040

Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows local users to gain privileges via a Trojan horse executable file in an unspecified directory.

pub. 2012-06-09
9.3
CVSS
HIGH
CVE-2011-2019

Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."

pub. 2011-12-14
9.3
CVSS
HIGH
CVE-2011-3691

Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718 allows local users to gain privileges via a Trojan horse dwmapi.dll, dwrite.dll, or msdrm.dll in the current working directory.

pub. 2011-09-27
Pokazano 20 z 730 podatności
Informacje
ID: CWE-426
Typ: Base
Podatności: 730
MITRE CWE ↗
← Słownik CWE
CWE-426 — Niezaufana ścieżka wyszukiwania | Słownik CWE | CVEbaza.pl