CWE-41Improper Resolution of Path Equivalence

Abstraction: Base · CVEs in our corpus: 25

The product is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object.

Path equivalence is usually employed in order to circumvent access controls expressed using an incomplete set of file name or file path representations. This is different from path traversal, wherein the manipulations are performed to generate a name for a different object.

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (0)AI

Control	Title	Family	Why it addresses this CWE
No NIST controls proposed yet.

Top CVEs of this weakness type, ranked by Risk Priority

CVE	Risk	CVSS	EPSS	Published
`CVE-2025-24470`	1.8	8.6	0.0067	2025-02-11
`CVE-2024-30036`	1.7	6.5	0.0717	2024-05-14
`CVE-2023-36396`	1.6	7.8	0.0049	2023-11-14
`CVE-2024-30073`	1.6	7.8	0.0032	2024-09-10
`CVE-2025-43298`	1.6	7.8	0.0003	2025-09-15
`CVE-2026-5816`	1.6	8.0	0.0001	2026-04-22
`CVE-2024-8765`	1.5	7.3	0.0031	2025-03-20
`CVE-2026-23674`	1.5	7.5	0.0014	2026-03-10
`CVE-2022-0855`	1.3	6.1	0.0060	2022-03-04
`CVE-2023-46169`	1.3	6.5	0.0006	2024-03-07
`CVE-2024-45405`	1.2	6.0	0.0007	2024-09-06
`CVE-2024-6839`	1.1	5.3	0.0057	2025-03-20
`CVE-2026-34451`	1.1	5.4	0.0010	2026-03-31
`CVE-2026-34510`	1.1	5.3	0.0006	2026-04-01
`CVE-2025-21189`	0.9	4.3	0.0029	2025-01-14
`CVE-2025-21219`	0.9	4.3	0.0030	2025-01-14
`CVE-2025-21268`	0.9	4.3	0.0021	2025-01-14
`CVE-2025-21269`	0.9	4.3	0.0017	2025-01-14
`CVE-2025-21328`	0.9	4.3	0.0011	2025-01-14
`CVE-2025-21329`	0.9	4.3	0.0010	2025-01-14
`CVE-2025-21332`	0.9	4.3	0.0013	2025-01-14
`CVE-2025-21247`	0.9	4.3	0.0027	2025-03-11
`CVE-2025-54107`	0.9	4.3	0.0008	2025-09-09
`CVE-2025-58290`	0.7	3.3	0.0001	2025-10-11
`CVE-2025-0115`	0.0	0.0	0.0004	2025-03-12