目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1325

100%
请我们喝杯咖啡

CWE-426 不可信的搜索路径 类漏洞列表 208

CWE-426 不可信的搜索路径 类弱点 208 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-426 属于不信任搜索路径漏洞,指程序使用外部提供的路径查找关键资源,导致可能访问不受控的文件。攻击者常通过操纵环境变量或配置,将恶意程序或数据注入搜索路径,从而执行任意代码或窃取敏感信息。开发者应避免使用动态搜索路径,改用硬编码的绝对路径,或严格验证路径来源及权限,确保仅加载受信任目录下的资源,以阻断攻击链。

MITRE CWE 官方描述
CWE:CWE-426 不受信任的搜索路径 (Untrusted Search Path) 英文:该产品使用外部提供的搜索路径来搜索关键资源,该路径可能指向不受该产品直接控制的资源。 这可能导致攻击者执行其自己的程序、访问未经授权的数据文件或以意外方式修改配置。如果产品使用搜索路径来定位关键资源(如程序),则攻击者可以修改该搜索路径以指向恶意程序,目标产品随后将执行该程序。此问题扩展到产品所信任的任何类型的关键资源。不受信任的搜索路径的一些最常见变体包括:在各种 UNIX 和基于 Linux 的系统中,可能会查阅 PATH 环境变量来定位可执行程序,并使用 LD_PRELOAD 来定位单独的库。在各种基于 Microsoft 的系统中,如果未在其他出现在搜索顺序前面的路径中找到 DLL,则会查阅 PATH 环境变量来定位 DLL。
常见影响 (3)
Integrity, Confidentiality, Availability, Access ControlGain Privileges or Assume Identity, Execute Unauthorized Code or Commands
There is the potential for arbitrary code execution with privileges of the vulnerable program.
AvailabilityDoS: Crash, Exit, or Restart
The program could be redirected to the wrong files, potentially triggering a crash or hang when the targeted file is too large or does not have the expected format.
ConfidentialityRead Files or Directories
The program could send the output of unauthorized files to the attacker.
缓解措施 (5)
Architecture and Design, ImplementationHard-code the search path to a set of known-safe values (such as system directories), or only allow them to be specified by the administrator in a configuration file. Do not allow these settings to be modified by an external party. Be careful to avoid related weaknesses such as CWE-426 and CWE-428.
ImplementationWhen invoking other programs, specify those programs using fully-qualified pathnames. While this is an effective approach, code that uses fully-qualified pathnames might not be portable to other systems that do not use the same pathnames. The portability can be improved by locating the full-qualified paths in a centralized, easily-modifiable location within the source code, and having the code ref…
ImplementationRemove or restrict all environment settings before invoking other programs. This includes the PATH environment variable, LD_LIBRARY_PATH, and other settings that identify the location of code libraries, and any application-specific search paths.
ImplementationCheck your search path before use and remove any elements that are likely to be unsafe, such as the current working directory or a temporary files directory.
ImplementationUse other functions that require explicit paths. Making use of any of the other readily available functions that require explicit paths is a safe way to avoid this problem. For example, system() in C does not require a full path since the shell can take care of it, while execl() and execv() require a full path.
代码示例 (2)
This program is intended to execute a command that lists the contents of a restricted directory, then performs other actions. Assume that it runs with setuid privileges in order to bypass the permissions check by the operating system.
#define DIR "/restricted/directory" char cmd[500]; sprintf(cmd, "ls -l %480s", DIR); /* Raise privileges to those needed for accessing DIR. */ RaisePrivileges(...); system(cmd); DropPrivileges(...); ...
Bad · C
The user sets the PATH to reference a directory under the attacker's control, such as "/my/dir/". The attacker creates a malicious program called "ls", and puts that program in /my/dir The user executes the program. When system() is executed, the shell consults the PATH to find the ls program The program finds the attacker's malicious program, "/my/dir/ls". It doesn't find "/bin/ls" because PATH does not contain "/bin/". The program executes the attacker's malicious program with the raised privileges.
Attack
The following code from a system utility uses the system property APPHOME to determine the directory in which it is installed and then executes an initialization script based on a relative path from the specified directory.
... String home = System.getProperty("APPHOME"); String cmd = home + INITCMD; java.lang.Runtime.getRuntime().exec(cmd); ...
Bad · Java
CVE ID标题CVSS风险等级Published
CVE-2026-53865 OpenClaw <2026.5.2 通过工作区派生服务PATH任意命令执行漏洞 — OpenClaw 7.1 High2026-06-16
CVE-2026-53858 OpenClaw <2026.5.2 任意运行时依赖加载漏洞 — OpenClaw 7.1 High2026-06-16
CVE-2026-53846 OpenClaw <2026.4.29 远程代码执行漏洞 — OpenClaw 7.1 High2026-06-16
CVE-2026-53842 OpenClaw <2026.5.2 通过CLOUDSDK_PYTHON环境变量执行任意Python代码漏洞 — OpenClaw 7.1 High2026-06-16
CVE-2026-53819 OpenClaw 代码问题漏洞 — OpenClaw 8.8 High2026-06-11
CVE-2026-48565 Microsoft Windows 代码问题漏洞 — Windows Narrator Braille 7.8 High2026-06-09
CVE-2026-47648 Microsoft Windows Storage 代码问题漏洞 — Windows 10 Version 1607 7.0 High2026-06-09
CVE-2026-24064 Waves Central 代码问题漏洞 — Waves Central--2026-06-09
CVE-2026-11401 Amazon Web Services Advanced Go Wrapper 安全漏洞 — AWS Advanced Go Wrapper 8.0 High2026-06-05
CVE-2026-11400 Amazon Web Services JDBC Driver 安全漏洞 — AWS Advanced JDBC Wrapper 8.0 High2026-06-05
CVE-2026-45772 Turborepo 代码问题漏洞 — turborepo--2026-05-15
CVE-2026-0251 Palo Alto Networks GlobalProtect app 代码问题漏洞 — GlobalProtect App--2026-05-13
CVE-2026-30906 Zoom Rooms for Windows 代码问题漏洞 — Zoom Rooms 7.8 High2026-05-13
CVE-2026-42830 Microsoft Azure Monitor Agent 代码问题漏洞 — Azure Monitor Agent Metrics Extension 6.5 Medium2026-05-12
CVE-2026-7309 Red Hat OpenShift Container Platform 代码问题漏洞 — Red Hat OpenShift Container Platform 4 4.3 Medium2026-04-28
CVE-2026-35368 uutils coreutils 代码问题漏洞 — coreutils 7.2 High2026-04-22
CVE-2026-35603 Claude Code 安全漏洞 — claude-code 7.3AIHighAI2026-04-17
CVE-2026-40947 Yubico多款产品 安全漏洞 — libfido2 2.9 Low2026-04-15
CVE-2026-27290 Adobe Framemaker 代码问题漏洞 — Adobe Framemaker 8.6 High2026-04-14
CVE-2026-39883 OpenTelemetry-Go 代码问题漏洞 — opentelemetry-go 9.8AICriticalAI2026-04-08
CVE-2025-39666 Checkmk 安全漏洞 — Checkmk 7.8AIHighAI2026-04-07
CVE-2022-4987 Belden Hirschmann Industrial HiVision 代码问题漏洞 — Hirschmann Industrial HiVision 7.3 High2026-04-03
CVE-2026-3780 Foxit PDF Reader和Foxit PDF Editor 安全漏洞 — Foxit PDF Reader 7.3 High2026-04-01
CVE-2026-33156 ScreenToGif 安全漏洞 — ScreenToGif 7.8 High2026-03-20
CVE-2026-25792 GreenShot 代码问题漏洞 — greenshot 6.5 Medium2026-03-20
CVE-2026-32032 OpenClaw 代码问题漏洞 — OpenClaw 7.8 High2026-03-19
CVE-2026-32016 OpenClaw 代码问题漏洞 — OpenClaw 7.8 High2026-03-19
CVE-2026-32015 OpenClaw 代码问题漏洞 — OpenClaw 7.8 High2026-03-19
CVE-2026-32009 OpenClaw 代码问题漏洞 — OpenClaw 5.7 Medium2026-03-19
CVE-2026-21333 Adobe Illustrator 代码问题漏洞 — Illustrator 8.6 High2026-03-10

CWE-426(不可信的搜索路径) 是常见的弱点类别,本平台收录该类弱点关联的 208 条 CVE 漏洞。