CWE-41 27 个 CVE MITRE 定义 ↗

CWE-41:Improper Resolution of Path Equivalence

概览

CWE-41(Improper Resolution of Path Equivalence)描述一种在漏洞数据库与安全评估中使用的弱点类型;定义、背景与映射 CVE 见下方各节。

安全影响
安全影响:因产品与场景而异;请结合 CVE 记录、严重度评分与 MITRE 说明进行优先级判断。

描述

The product is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object.

适用平台

类型 名称 普遍性 OS / CPE
language Not Language-Specific Undetermined

本库相关 CVE

下列 CVE 在本库中映射到该弱点,并保留以便追溯与检索。

CVE 公开时间 摘要
CVE-2026-49401 2026-06-23 Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.14, Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path sup…
CVE-2026-50568 2026-06-10 Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/uti…
CVE-2026-5816 2026-04-22 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript…
CVE-2026-34510 2026-04-01 OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit th…
CVE-2026-34451 2026-03-31 Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local filesystem memory tool in th…
CVE-2026-23674 2026-03-10 Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
CVE-2025-58290 2025-10-11 Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.
CVE-2025-43298 2025-09-15 A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain…
CVE-2025-54107 2025-09-09 Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
CVE-2024-8765 2025-03-20 In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. Thi…
CVE-2024-6839 2025-03-20 corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to…
CVE-2025-0115 2025-03-12 A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. The attacker must have network access to the management interface (…
CVE-2025-21247 2025-03-11 Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
CVE-2025-24470 2025-02-11 An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve …
CVE-2025-21332 2025-01-14 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21329 2025-01-14 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21328 2025-01-14 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21269 2025-01-14 Windows HTML Platforms Security Feature Bypass Vulnerability
CVE-2025-21268 2025-01-14 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21219 2025-01-14 MapUrlToZone Security Feature Bypass Vulnerability

曾用名

  • Path Equivalence (2008-04-11)
  • Failure to Resolve Path Equivalence (2009-05-27)

内容提交

名称
PLOVER
日期
2006-07-19
版本
Draft 3

内容修订

日期 名称 版本 重要性 评论
2008-07-01 Eric Dalci 1.0 updated Potential_Mitigations, Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Relationships, Other_Notes, Taxonomy_Mappings, Type
2008-10-14 CWE Content Team 1.0.1 updated Description
2008-11-24 CWE Content Team 1.1 updated Relationships, Taxonomy_Mappings
2009-03-10 CWE Content Team 1.3 updated Relationships
2009-05-27 CWE Content Team 1.4 updated Name
2009-07-27 CWE Content Team 1.5 updated Potential_Mitigations
2011-03-29 CWE Content Team 1.12 updated Other_Notes, Potential_Mitigations, Relationship_Notes
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2011-09-13 CWE Content Team 2.1 updated Relationships, Taxonomy_Mappings
2012-05-11 CWE Content Team 2.2 updated Common_Consequences, Observed_Examples, Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2014-07-30 CWE Content Team 2.8 updated Detection_Factors, Relationships
2017-11-08 CWE Content Team 3.0 updated Affected_Resources, Applicable_Platforms, Relationships, Taxonomy_Mappings
2019-06-20 CWE Content Team 3.3 updated Related_Attack_Patterns
2020-02-24 CWE Content Team 4.0 updated Potential_Mitigations, Relationships
2020-06-25 CWE Content Team 4.1 updated Observed_Examples, Potential_Mitigations, Relationships
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2023-10-26 CWE Content Team 4.13 updated Observed_Examples
2024-02-29 CWE Content Team 4.14 updated Observed_Examples
2025-09-09 CWE Content Team 4.18 updated Detection_Factors, Functional_Areas, References
2025-12-11 CWE Content Team 4.19 updated Observed_Examples, Relationships, Weakness_Ordinalities
cvelogic Threat Intelligence