4 vulnerabilities classified as CWE-403 (将文件描述符暴露给不受控制的范围(文件描述符泄露)). AI Chinese analysis included.
CWE-403 represents a critical resource management weakness where a parent process fails to close sensitive file descriptors before spawning a child process. This oversight allows the child process to inherit and utilize these open descriptors, potentially enabling unauthorized input or output operations that bypass intended security controls. Attackers typically exploit this vulnerability by manipulating the child process to read or write to restricted resources, such as configuration files or memory-mapped areas, which were accessible to the privileged parent but should remain isolated. To mitigate this risk, developers must explicitly close unnecessary file descriptors immediately before executing child processes. Implementing strict file descriptor inheritance policies, utilizing secure API calls that automatically close descriptors, and conducting rigorous code reviews for resource handling are essential practices to prevent unintended exposure and maintain proper isolation between process control spheres.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40042 | Pachno 1.0.6 Wiki TextParser XML External Entity Injection — Pachno | 9.8 | Critical | 2026-04-13 |
| CVE-2025-15114 | Ksenia Security lares Home Automation 1.6 PIN Exposure Vulnerability — lares | 9.8 | Critical | 2025-12-30 |
| CVE-2024-58280 | CMSimple 5.15 Remote Command Execution via Extensions Configuration — CMSimple | 8.8AI | HighAI | 2025-12-10 |
| CVE-2024-21626 | runc container breakout through process.cwd trickery and leaked fds — runc | 8.6 | High | 2024-01-31 |
Vulnerabilities classified as CWE-403 (将文件描述符暴露给不受控制的范围(文件描述符泄露)) represent 4 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.