CWE · MITRE source
CWE-35Path Traversal: '.../...//'
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (0)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | |||
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2024-36991 | 7.1 | 7.5 | 0.9352 | 2024-07-01 |
CVE-2020-26073 | 7.0 | 7.5 | 0.9093 | 2024-11-18 |
CVE-2025-24786 | 5.1 | 10.0 | 0.5182 | 2025-02-06 |
CVE-2024-2863 | 4.5 | 5.3 | 0.5677 | 2024-03-25 |
CVE-2025-8088 KEV | 4.3 | 8.8 | 0.0829 | 2025-08-08 |
CVE-2023-32714 | 2.9 | 8.1 | 0.2067 | 2023-06-01 |
CVE-2020-27130 | 2.7 | 9.1 | 0.1410 | 2020-11-17 |
CVE-2018-3744 | 2.0 | 9.8 | 0.0043 | 2018-05-29 |
CVE-2024-39171 | 2.0 | 9.8 | 0.0096 | 2024-07-09 |
CVE-2025-30515 | 2.0 | 9.8 | 0.0038 | 2025-06-09 |
CVE-2025-42937 | 2.0 | 9.8 | 0.0026 | 2025-10-14 |
CVE-2025-41723 | 2.0 | 9.8 | 0.0014 | 2025-10-22 |
CVE-2025-27222 | 2.0 | 8.6 | 0.0512 | 2025-10-27 |
CVE-2025-59793 | 2.0 | 9.9 | 0.0075 | 2026-02-17 |
CVE-2023-39916 | 1.9 | 9.3 | 0.0015 | 2023-09-13 |
CVE-2024-40505 | 1.9 | 9.3 | 0.0058 | 2024-07-16 |
CVE-2024-56045 | 1.9 | 9.3 | 0.0020 | 2024-12-31 |
CVE-2023-46690 | 1.8 | 8.8 | 0.0104 | 2023-11-30 |
CVE-2024-47169 | 1.8 | 8.8 | 0.0115 | 2024-09-26 |
CVE-2024-21575 | 1.8 | 8.6 | 0.0132 | 2024-12-12 |
CVE-2025-47649 | 1.8 | 8.8 | 0.0036 | 2025-05-07 |
CVE-2025-41736 | 1.8 | 8.8 | 0.0056 | 2025-11-18 |
CVE-2026-20034 | 1.8 | 8.8 | 0.0036 | 2026-05-06 |
CVE-2024-41973 | 1.7 | 8.1 | 0.0182 | 2024-11-18 |
CVE-2024-52447 | 1.7 | 8.6 | 0.0038 | 2024-11-20 |