目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1325

100%
请我们喝杯咖啡

CWE-427 对搜索路径元素未加控制 类漏洞列表 573

CWE-427 对搜索路径元素未加控制 类弱点 573 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-427 属于路径遍历类漏洞,指程序在搜索资源时,其路径中包含可由攻击者控制的目录。攻击者通常通过在该目录下放置恶意文件或库,诱导程序加载并执行,从而劫持系统控制权。开发者应避免使用相对路径或不可信的环境变量,转而采用绝对路径,并严格限制相关目录的写入权限,以确保资源加载的安全性。

MITRE CWE 官方描述
CWE:CWE-427 Uncontrolled Search Path Element(不受控制的搜索路径元素) 英文:产品使用固定或受控的搜索路径来查找资源,但该路径中的一个或多个位置可能受到非预期行为者的控制。 尽管此弱点可能出现在任何类型的资源中,但它通常在产品使用目录搜索路径来查找可执行文件或代码库时被引入,而该路径包含一个可由攻击者修改的目录,例如 "/tmp" 或当前工作目录。在基于 Windows 的系统中,当调用 `LoadLibrary` 或 `LoadLibraryEx` 函数且 DLL 名称不包含完全限定路径时,该函数遵循的搜索顺序包括两个可能不受控制的搜索路径元素:程序加载所在的目录和当前工作目录。在某些情况下,攻击可以远程进行,例如在使用 SMB 或 WebDAV 网络共享时。该路径中的一个或多个位置可能包括 Windows 驱动器根目录或其子目录。这通常存在于基于 Linux 的代码中,这些代码假设根目录(/)或其子目录(/etc 等)是受控的,或者存在递归访问父目录的代码。在 Windows 中,驱动器根目录及其某些子目录默认具有较弱的权限,这使得它们不受控制。在某些基于 Unix 的系统中,可能会创建一个包含空元素的 PATH,例如通过将空变量拼接到 PATH 中。这个空元素可能被解释为等同于当前工作目录,这可能是一个不受信任的搜索元素。在软件包管理框架(例如 npm、RubyGems 或 PyPi)中,框架可能会识别对第三方库或其他包的依赖,然后查询包含所需包的存储库。框架可能会在私有存储库之前搜索公共存储库。攻击者可以通过在公共存储库中放置一个与私有存储库中的包同名的恶意包来利用这一点。搜索路径可能不直接由依赖框架的开发者控制,但这种搜索顺序实际上包含了一个不受信任的元素。
常见影响 (1)
Confidentiality, Integrity, AvailabilityExecute Unauthorized Code or Commands
缓解措施 (5)
Architecture and Design, ImplementationHard-code the search path to a set of known-safe values (such as system directories), or only allow them to be specified by the administrator in a configuration file. Do not allow these settings to be modified by an external party. Be careful to avoid related weaknesses such as CWE-426 and CWE-428.
ImplementationWhen invoking other programs, specify those programs using fully-qualified pathnames. While this is an effective approach, code that uses fully-qualified pathnames might not be portable to other systems that do not use the same pathnames. The portability can be improved by locating the full-qualified paths in a centralized, easily-modifiable location within the source code, and having the code ref…
ImplementationRemove or restrict all environment settings before invoking other programs. This includes the PATH environment variable, LD_LIBRARY_PATH, and other settings that identify the location of code libraries, and any application-specific search paths.
ImplementationCheck your search path before use and remove any elements that are likely to be unsafe, such as the current working directory or a temporary files directory. Since this is a denylist approach, it might not be a complete solution.
ImplementationUse other functions that require explicit paths. Making use of any of the other readily available functions that require explicit paths is a safe way to avoid this problem. For example, system() in C does not require a full path since the shell can take care of finding the program using the PATH environment variable, while execl() and execv() require a full path.
代码示例 (2)
The following code is from a web application that allows users access to an interface through which they can update their password on the system. In this environment, user passwords can be managed using the Network Information System (NIS), which is commonly used on UNIX systems. When performing NIS updates, part of the process for updating passwords is to run a make command in the /var/yp directo…
... System.Runtime.getRuntime().exec("make"); ...
Bad · Java
In versions of Go prior to v1.19, the LookPath function would follow the conventions of the runtime OS and look for a program in the directiories listed in the current path [REF-1325].
func ExecuteGitCommand(name string, arg []string) error { c := exec.Command(name, arg...) var err error c.Path, err = exec.LookPath(name) if err != nil { return err } }
Bad · Go
CVE ID标题CVSS风险等级Published
CVE-2026-11958 ANSSI DFIR-ORC 本地提权漏洞 — DFIR-ORC--2026-06-18
CVE-2026-12003 CPython >3.11 不安全的输入验证导致权限提升漏洞 — CPython--2026-06-16
CVE-2024-22451 Dell Peripheral Manager 权限许可和访问控制问题漏洞 — Peripheral Manager 6.7 Medium2026-06-16
CVE-2024-22447 Dell Peripheral Manager 权限许可和访问控制问题漏洞 — Peripheral Manager 6.7 Medium2026-06-16
CVE-2026-5064 HP One Agent Software 权限许可和访问控制问题漏洞 — HP One Agent Software--2026-06-15
CVE-2026-50100 RICOH Multiple printer drivers 权限许可和访问控制问题漏洞 — Multiple printer drivers--2026-06-15
CVE-2026-11967 Mobatek MobaXterm Personal Edition 权限许可和访问控制问题漏洞 — MobaXterm Personal Edition (Portable)--2026-06-12
CVE-2026-11879 mobatek mobaxterm 权限许可和访问控制问题漏洞 — MobaXterm Personal Edition (Portable)--2026-06-12
CVE-2026-53813 OpenClaw 代码问题漏洞 — OpenClaw 7.8 High2026-06-11
CVE-2026-7870 IBM i 代码问题漏洞 — i 8.8 High2026-06-11
CVE-2026-10847 Check Point Identity Agent Full 代码问题漏洞 — Identity Agent 7.8 High2026-06-11
CVE-2026-8637 Lenovo LanSchool Classic 代码问题漏洞 — LanSchool Classic 7.8 High2026-06-10
CVE-2026-47937 Adobe Acrobat Reader 代码问题漏洞 — Acrobat Reader 7.4 High2026-06-09
CVE-2026-41567 Moby 代码问题漏洞 — moby/v2/daemon 7.2 High2026-06-05
CVE-2026-44682 Acronis DeviceLock DLP 代码问题漏洞 — Acronis DeviceLock DLP--2026-06-03
CVE-2026-50033 Acronis DeviceLock DLP 代码问题漏洞 — Acronis DeviceLock DLP--2026-06-03
CVE-2026-44609 Acronis DeviceLock DLP 代码问题漏洞 — Acronis DeviceLock DLP--2026-06-03
CVE-2026-44358 Espressif Shared GitHub DangerJS 安全漏洞 — shared-github-dangerjs 8.2 High2026-05-28
CVE-2026-47274 pam_usb 代码问题漏洞 — pam_usb 6.3 Medium2026-05-27
CVE-2023-52945 Synology BeeDrive 代码问题漏洞 — BeeDrive for desktop 7.8 High2026-05-27
CVE-2025-41670 Phoenix Contact多款产品 代码问题漏洞 — AXC F 1152 7.8 High2026-05-27
CVE-2025-14575 Qt 代码问题漏洞 — Qt--2026-05-19
CVE-2026-32323 Mullvad VPN desktop and mobile app 安全漏洞 — mullvadvpn-app 7.3 High2026-05-19
CVE-2026-47092 Claude HUD 代码问题漏洞 — claude-hud 7.8 High2026-05-18
CVE-2025-62628 AMD AIM-T Manageability Service 代码问题漏洞 — AIM-T Manageability Service--2026-05-14
CVE-2024-47091 Checkmk 代码问题漏洞 — Checkmk--2026-05-13
CVE-2026-44612 Bytello Share 代码问题漏洞 — Bytello Share (Windows Edition) installer executable--2026-05-13
CVE-2026-45004 OpenClaw 代码问题漏洞 — OpenClaw 7.8 High2026-05-11
CVE-2026-44406 ZTE Cloud PC client uSmartView 代码问题漏洞 — ZXCLOUD iRAI 5.7 Medium2026-05-07
CVE-2026-40004 ZTE ZXCLOUD iRAI 代码问题漏洞 — ZXCLOUD iRAI 5.5 Medium2026-05-07

CWE-427(对搜索路径元素未加控制) 是常见的弱点类别,本平台收录该类弱点关联的 573 条 CVE 漏洞。