Cwe 22

🧬 CWE Related 96

slug: cwe-22

Explanation

CWE-22は「ファイル名のパスをユーザー入力から組み立てるとき、`../` のような相対パス記号をきちんと無害化せず、本来アクセスできないファイルを読み書きされてしまう欠陥」のことです。ファイルダウンロード機能・画像表示機能・テンプレート機能でよく見られます。対策は「絶対パスへの正規化 + 許可されたディレクトリ内かのチェック」、または「ファイル名にIDのみを使い、パス記号を一切使わない設計」。

📌 Example

CVE-2024-57726 (SimpleHelp): zipファイル展開時のZip Slip攻撃で、サーバー上の任意の場所にファイル書き込みされる脆弱性。CISA KEV入り。

🔗 Related links

MITRE CWE-22 公式ページ ↗

🔖 Related tags

Cwe 20125 Cwe 78120 Cwe 787105 Cwe 41699 Cwe 11990 Cwe 9484 Cwe 50270 Cwe 7966 Cwe 8954 Cwe 91844 Cwe 28443 Cwe 28741 Cwe 7740 Cwe 30638 Cwe 84337

🛡 Vulnerabilities tagged with this 100

ID	Title	Severity	Detected
CVE-2026-42605	Path Traversal in path-traversal (CVE-2026-42605)	High	2 hours ago
CVE-2026-42574	Path Traversal in CVE-2026-42574 (CVE-2026-42574)	High	2 hours ago
CVE-2026-42351	Path Traversal in CVE-2026-42351 (CVE-2026-42351)	High	23 hours ago
CVE-2026-42213	Path Traversal in CVE-2026-42213 (CVE-2026-42213)		1 day ago
CVE-2026-7807	Path Traversal in CVE-2026-7807 (CVE-2026-7807)	High	1 day ago
CVE-2026-42028	Path Traversal in path-traversal (CVE-2026-42028)	Medium	1 day ago
CVE-2026-41887	Path Traversal in CVE-2026-41887 (CVE-2026-41887)	Medium	1 day ago
CVE-2026-38360	Path Traversal in path-traversal (CVE-2026-38360)	Critical	1 day ago
CVE-2026-42353	Path Traversal in express (CVE-2026-42353)	High	1 day ago
CVE-2026-41690	Path Traversal in express (CVE-2026-41690)	High	1 day ago
CVE-2026-41885	Path Traversal in CVE-2026-41885 (CVE-2026-41885)	Medium	1 day ago
CVE-2026-41693	Path Traversal in CVE-2026-41693 (CVE-2026-41693)	High	1 day ago
CVE-2026-44340	Path Traversal in praison (CVE-2026-44340)	High	1 day ago
CVE-2026-44336	Vulnerability in praison (CVE-2026-44336)	Critical	1 day ago
CVE-2026-41493	Path Traversal in path-traversal (CVE-2026-41493)		1 day ago
CVE-2026-41491	Path Traversal in path-traversal (CVE-2026-41491)	High	1 day ago
CVE-2026-8069	Path Traversal in privilege-escalation (CVE-2026-8069)		1 day ago
CVE-2026-44298	Path Traversal in kimai/kimai (CVE-2026-44298)	Medium	1 day ago
CVE-2026-43940	Path Traversal in electerm (CVE-2026-43940)	High	1 day ago
CVE-2026-42275	Path Traversal in path-traversal (CVE-2026-42275)	High	1 day ago
CVE-2026-8116	Path Traversal in path-traversal (CVE-2026-8116)	Medium	1 day ago
CVE-2026-8115	Path Traversal in path-traversal (CVE-2026-8115)	Medium	1 day ago
CVE-2026-8113	Path Traversal in path-traversal (CVE-2026-8113)	Medium	2 days ago
CVE-2026-41691	Path Traversal in path-traversal (CVE-2026-41691)	Medium	2 days ago
CVE-2026-43117	Vulnerability in linux (CVE-2026-43117)	Critical	3 days ago
CVE-2026-35397	Path Traversal in jupyter-server (CVE-2026-35397)	High	4 days ago
CVE-2026-43067	Vulnerability in linux (CVE-2026-43067)	Critical	4 days ago
CVE-2024-1708 KEV	[KEV] Path Traversal in Connectwise screenconnect (CVE-2024-1708)	High	1 week ago
CVE-2024-57728 KEV	[KEV] Path Traversal in Simplehelp path-traversal (CVE-2024-57728)	High	2 weeks ago
CVE-2024-7399 KEV	[KEV] Path Traversal in Samsung magicinfo-9-server (CVE-2024-7399)	High	2 weeks ago

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →