CWE-426 (Untrusted Search Path) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
| Kind | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
| operating_system | — | Not OS-Specific | Undetermined | — |
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2026-54055 | 2026-06-12 | Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the … |
| CVE-2026-53819 | 2026-06-11 | OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to … |
| CVE-2026-48565 | 2026-06-09 | Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally. |
| CVE-2026-47648 | 2026-06-09 | Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally. |
| CVE-2026-24064 | 2026-06-09 | Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime enti… |
| CVE-2026-11401 | 2026-06-05 | An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to t… |
| CVE-2026-11400 | 2026-06-05 | An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to… |
| CVE-2026-44477 | 2026-05-28 | CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as th… |
| CVE-2026-45721 | 2026-05-26 | Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is asked for any URL path that resolves to a directory without an index file, DirPage walks upward through parent … |
| CVE-2026-45772 | 2026-05-15 | Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code execution when run in untrusted reposit… |
| CVE-2026-30906 | 2026-05-13 | Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access. |
| CVE-2026-0251 | 2026-05-13 | Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect™ app allow a local user to escalate their privileges to NT AUTHORITY\SYSTEM on Windows and root on macOS and… |
| CVE-2026-42830 | 2026-05-12 | Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. |
| CVE-2026-7309 | 2026-04-28 | A flaw was found in the OpenShift Container Platform build system. A user with the `edit` ClusterRole can inject arbitrary environment variables, such as `LD_PRELOAD` or `http_proxy`, into `docker-bui… |
| CVE-2026-35368 | 2026-04-22 | A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam() after entering the chroot but before dropp… |
| CVE-2026-35603 | 2026-04-17 | Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without val… |
| CVE-2026-6421 | 2026-04-17 | A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown part in the library msimg32.dll. The manipulation leads to uncontrolled search path. An attack has … |
| CVE-2026-40947 | 2026-04-16 | Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path. |
| CVE-2026-27290 | 2026-04-14 | Adobe Framemaker versions 2022.8 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the appl… |
| CVE-2026-40287 | 2026-04-14 | PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working directo… |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | 1.0 | — | updated Time_of_Introduction |
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Common_Consequences, Relationships, Taxonomy_Mappings |
| 2008-11-24 | CWE Content Team | 1.1 | — | updated Relationships, Taxonomy_Mappings |
| 2009-01-12 | CWE Content Team | 1.2 | — | updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Observed_Examples, Potential_Mitigations, Relationships, Time_of_Introduction |
| 2009-03-10 | CWE Content Team | 1.3 | — | updated Demonstrative_Examples, Potential_Mitigations |
| 2009-12-28 | CWE Content Team | 1.7 | — | updated References |
| 2010-02-16 | CWE Content Team | 1.8 | — | updated References, Relationships |
| 2010-04-05 | CWE Content Team | 1.8.1 | — | updated Applicable_Platforms |
| 2010-06-21 | CWE Content Team | 1.9 | — | updated Detection_Factors, Potential_Mitigations |
| 2010-09-27 | CWE Content Team | 1.10 | — | updated Description, Relationships |
| 2011-03-29 | CWE Content Team | 1.12 | — | updated Demonstrative_Examples |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2011-09-13 | CWE Content Team | 2.1 | — | updated Relationships, Taxonomy_Mappings |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Demonstrative_Examples, References |
| 2014-02-18 | CWE Content Team | 2.6 | — | updated Demonstrative_Examples, Detection_Factors, Potential_Mitigations |
| 2015-12-07 | CWE Content Team | 2.9 | — | updated Relationships |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Demonstrative_Examples, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings |
| 2018-03-27 | CWE Content Team | 3.1 | — | updated Demonstrative_Examples, References, Relationships, Type |
| 2019-01-03 | CWE Content Team | 3.2 | — | updated Related_Attack_Patterns |
| 2019-06-20 | CWE Content Team | 3.3 | — | updated Related_Attack_Patterns, Relationships |
| 2019-09-19 | CWE Content Team | 3.4 | — | updated Relationships |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated References, Relationships |
| 2021-03-15 | CWE Content Team | 4.4 | — | updated Demonstrative_Examples |
| 2021-10-28 | CWE Content Team | 4.6 | — | updated Relationships |
| 2022-04-28 | CWE Content Team | 4.7 | — | updated Research_Gaps |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Detection_Factors, Relationships, Time_of_Introduction |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2024-07-16 | CWE Content Team | 4.15 | — | updated Demonstrative_Examples |
| 2025-04-03 | CWE Content Team | 4.17 | — | updated Mapping_Notes |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Relationships, Weakness_Ordinalities |