4 vulnerabilities classified as CWE-40 (路径遍历:’\UNCsharename'(WindowsUNC共享)). AI Chinese analysis included.
CWE-40 represents a path traversal vulnerability specific to Windows environments, where applications improperly handle Uniform Naming Convention (UNC) paths. This weakness allows attackers to manipulate input strings containing the '\\UNC\share\name' format to redirect file access to unintended locations or arbitrary files outside the intended directory structure. Exploitation typically occurs when an application fails to validate or sanitize user-supplied UNC paths, enabling remote code execution or unauthorized data access by pointing to network shares with accessible credentials. To mitigate this risk, developers must rigorously validate all input parameters, ensuring that only expected, pre-approved paths are processed. Implementing strict allow-lists for permitted directories and utilizing secure API functions that resolve and normalize paths before access can prevent redirection attacks. Additionally, applying the principle of least privilege ensures that even if traversal occurs, the impact remains contained within restricted system boundaries.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-27615 | ADB-Explorer: UNC Path Support in ManualAdbPath Leads to Remote Code Execution (RCE) — ADB-Explorer | 8.8AI | HighAI | 2026-02-25 |
| CVE-2025-32103 | CrushFTP 安全漏洞 — CrushFTP | 5.0 | Medium | 2025-04-15 |
| CVE-2023-29446 | Improper Input Validation in PTC's Kepware KEPServerEX — Kepware KEPServerEX | 4.7 | Medium | 2024-01-10 |
| CVE-2021-44548 | Apache Solr information disclosure vulnerability through DataImportHandler — Apache Solr | 8.8 | - | 2021-12-23 |
Vulnerabilities classified as CWE-40 (路径遍历:’\UNCsharename'(WindowsUNC共享)) represent 4 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.