
CWE-427 Uncontrolled Search Path Element: vulnerability list (545)

CWE-427 Uncontrolled Search Path Element weakness class: summary of 545 CVE entries, with AI-generated Chinese analysis.

CWE-427 belongs to the path-traversal class of weaknesses: when a program searches for a resource, its search path contains a directory that an attacker can control. The attacker typically places a malicious file or library in that directory and induces the program to load and execute it, thereby hijacking control of the system. Developers should avoid relative paths and untrusted environment variables, use absolute paths instead, and strictly restrict write permissions on the directories involved so that resource loading remains secure.

MITRE CWE official description

CWE-427 Uncontrolled Search Path Element: the product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Although this weakness can occur with any type of resource, it is frequently introduced when a product uses a directory search path to find executables or code libraries, and that path contains a directory that an attacker can modify, such as "/tmp" or the current working directory. On Windows-based systems, when the `LoadLibrary` or `LoadLibraryEx` function is called with a DLL name that does not contain a fully qualified path, the function follows a search order that includes two path elements that might not be controlled: the directory from which the program was loaded and the current working directory. In some cases the attack can be carried out remotely, for example when SMB or WebDAV network shares are in use.

One or more locations in the path may include the Windows drive root or one of its subdirectories. This is common in Linux-based code that assumes the root directory (/) or its subdirectories (/etc and so on) are controlled, or in code that recursively accesses parent directories. On Windows, the drive root and some of its subdirectories have weak permissions by default, which makes them uncontrolled.

On some Unix-based systems, a PATH containing an empty element can be created, for example by splicing an empty variable into the PATH. That empty element may be interpreted as equivalent to the current working directory, which can be an untrusted search element.

In software package management frameworks (for example npm, RubyGems or PyPI), the framework may identify dependencies on third-party libraries or other packages and then query repositories that contain the required package. The framework may search a public repository before a private one. An attacker can exploit this by placing, in the public repository, a malicious package with the same name as the package in the private repository. The search path may not be directly controlled by the developer who depends on the framework, but the search order effectively includes an untrusted element.
Common consequences (1)

Scope: Confidentiality, Integrity, Availability. Impact: Execute Unauthorized Code or Commands.
Mitigations (5)

Phase: Architecture and Design, Implementation. Hard-code the search path to a set of known-safe values (such as system directories), or only allow them to be specified by the administrator in a configuration file. Do not allow these settings to be modified by an external party. Be careful to avoid related weaknesses such as CWE-426 and CWE-428.

Phase: Implementation. When invoking other programs, specify those programs using fully-qualified pathnames. While this is an effective approach, code that uses fully-qualified pathnames might not be portable to other systems that do not use the same pathnames. The portability can be improved by locating the fully-qualified paths in a centralized, easily-modifiable location within the source code, and having the code ref…

Phase: Implementation. Remove or restrict all environment settings before invoking other programs. This includes the PATH environment variable, LD_LIBRARY_PATH, and other settings that identify the location of code libraries, and any application-specific search paths.

Phase: Implementation. Check your search path before use and remove any elements that are likely to be unsafe, such as the current working directory or a temporary files directory. Since this is a denylist approach, it might not be a complete solution.

Phase: Implementation. Use other functions that require explicit paths. Making use of any of the other readily available functions that require explicit paths is a safe way to avoid this problem. For example, system() in C does not require a full path since the shell can take care of finding the program using the PATH environment variable, while execl() and execv() require a full path.
Code examples (2)

The following code is from a web application that allows users access to an interface through which they can update their password on the system. In this environment, user passwords can be managed using the Network Information System (NIS), which is commonly used on UNIX systems. When performing NIS updates, part of the process for updating passwords is to run a make command in the /var/yp directo…

    ... System.Runtime.getRuntime().exec("make"); ...  // "make" is resolved through PATH, not a fully-qualified pathname

Bad · Java

In versions of Go prior to v1.19, the LookPath function would follow the conventions of the runtime OS and look for a program in the directories listed in the current path [REF-1325].

    func ExecuteGitCommand(name string, arg []string) error {
        c := exec.Command(name, arg...)
        var err error
        // Before Go 1.19, LookPath could resolve name to a file in the
        // current directory when PATH contained "." or an empty element.
        c.Path, err = exec.LookPath(name)
        if err != nil {
            return err
        }
        return c.Run() // added so the function is complete and compiles
    }

Bad · Go
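As an added example (written for this page, not code from MITRE or from the Go project), the following implements the "check your search path before use" mitigation above and a resolver that avoids the pitfall of the Go example: it drops empty, relative and temporary-directory PATH elements, then looks up a bare program name only in the remaining absolute directories. `SanitizeSearchPath` and `ResolveProgram` are hypothetical names.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// SanitizeSearchPath splits a PATH-style string and drops the elements
// CWE-427 names as attacker-influenced: empty elements (read as the current
// directory on many Unix systems), "." and any other relative element, and
// temporary directories. It returns the kept elements and the dropped ones.
func SanitizeSearchPath(raw string) (kept, dropped []string) {
	tempDirs := []string{filepath.Clean(os.TempDir()), "/tmp", "/var/tmp"}
	for _, el := range strings.Split(raw, string(os.PathListSeparator)) {
		clean := filepath.Clean(el) // Clean("") is ".", so it is caught below
		unsafe := el == "" || !filepath.IsAbs(clean)
		for _, t := range tempDirs {
			if clean == t || strings.HasPrefix(clean, t+string(filepath.Separator)) {
				unsafe = true
			}
		}
		if unsafe {
			dropped = append(dropped, el)
		} else {
			kept = append(kept, clean)
		}
	}
	return kept, dropped
}

// ResolveProgram looks for name only in dirs, never in the current
// directory, and rejects names containing a separator, which exec.LookPath
// would treat as a path and resolve without searching. Result is absolute.
func ResolveProgram(name string, dirs []string) (string, error) {
	if name == "" || strings.ContainsAny(name, `/\`) {
		return "", fmt.Errorf("refusing program name with path separator: %q", name)
	}
	for _, d := range dirs {
		p := filepath.Join(d, name)
		// Accept only a regular file with at least one execute bit set.
		if fi, err := os.Stat(p); err == nil && fi.Mode().IsRegular() && fi.Mode()&0o111 != 0 {
			return p, nil
		}
	}
	return "", fmt.Errorf("%q not found in sanitized search path", name)
}
```

The sanitizer is a denylist, as the mitigation text notes; combining it with a hard-coded set of known-safe directories is the stronger configuration.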
CVE ID | Title | Product | CVSS | Risk | Published
CVE-2026-44406 | ZTE Cloud PC Client uSmartview DLL hijacking vulnerability | ZXCLOUD iRAI | 5.7 | Medium | 2026-05-07
CVE-2026-40004 | ZTE Cloud PC Client uSmartview openssl.cnf privilege escalation vulnerability | ZXCLOUD iRAI | 5.5 | Medium | 2026-05-07
CVE-2026-21661 | AC2000 uncontrolled search path element vulnerability | AC2000 | - | - | 2026-05-06
CVE-2026-6788 | WatchGuard Agent plugin loader SYSTEM-privilege code execution vulnerability | WatchGuard Agent | - | - | 2026-05-06
CVE-2026-25852 | Acronis DeviceLock DLP code issue vulnerability | Acronis DeviceLock DLP | 7.8 (AI) | High (AI) | 2026-04-29
CVE-2026-41373 | OpenClaw code issue vulnerability | OpenClaw | 6.1 | Medium | 2026-04-28
CVE-2026-7279 | eMPIA AVACAST code issue vulnerability | AVACAST | 7.8 | High | 2026-04-28
CVE-2026-42171 | NSIS code issue vulnerability | Nullsoft Scriptable Install System | 7.8 | High | 2026-04-24
CVE-2026-32172 | Microsoft Power Apps code issue vulnerability | Microsoft Power Apps | 8.0 | High | 2026-04-23
CVE-2025-10549 | EfficientLab Controlio code issue vulnerability | Controlio | 7.3 (AI) | High (AI) | 2026-04-23
CVE-2026-34488 | i-PRO IP Setting Software code issue vulnerability | IP Setting Software | 7.8 (AI) | High (AI) | 2026-04-23
CVE-2026-32679 | Japan Media Systems LiveOn Meet Client and Canon Network Camera Plugin code issue vulnerability | Downloader5Installer.exe | 7.8 (AI) | High (AI) | 2026-04-23
CVE-2026-6421 | Mobatek MobaXterm security vulnerability | MobaXterm Home Edition | 7.0 | High | 2026-04-17
CVE-2026-34632 | Adobe Photoshop Installer security vulnerability | Adobe Photoshop Installer | 8.2 | High | 2026-04-15
CVE-2026-4134 | Lenovo Software Fix security vulnerability | Software Fix | 7.3 | High | 2026-04-15
CVE-2026-1636 | Lenovo Service Bridge security vulnerability | Service Bridge | 6.7 | Medium | 2026-04-15
CVE-2026-5397 | OMRON PowerAttendant security vulnerability | PowerAttendant Standard Edition | 7.8 | High | 2026-04-15
CVE-2026-4158 | KeePassXC code issue vulnerability | KeePassXC | 7.3 (AI) | High (AI) | 2026-04-11
CVE-2026-5055 | NoMachine code issue vulnerability | NoMachine | 7.8 (AI) | High (AI) | 2026-04-11
CVE-2026-28704 | EmoCheck code issue vulnerability | Emocheck | 7.8 (AI) | High (AI) | 2026-04-10
CVE-2026-40031 | MemProcFS code issue vulnerability | MemProcFS | 7.8 | High | 2026-04-08
CVE-2025-14821 | libssh security vulnerability | Red Hat Hardened Images | 7.8 | High | 2026-04-07
CVE-2026-27774 | Acronis True Image code issue vulnerability | Acronis True Image | 7.8 (AI) | High (AI) | 2026-04-02
CVE-2026-28728 | Acronis True Image code issue vulnerability | Acronis True Image | 7.8 (AI) | High (AI) | 2026-04-02
CVE-2026-3775 | Foxit PDF Reader and Foxit PDF Editor security vulnerability | Foxit PDF Editor | 7.8 | High | 2026-04-01
CVE-2026-34054 | vcpkg code issue vulnerability | vcpkg | 7.8 | High | 2026-03-31
CVE-2026-4962 | UltraVNC security vulnerability | UltraVNC | 7.0 | High | 2026-03-27
CVE-2026-28760 | RATOC RAID Monitoring Manager for Windows code issue vulnerability | RATOC RAID Monitoring Manager for Windows | 7.8 (AI) | High (AI) | 2026-03-26
CVE-2026-26306 | OM Workspace code issue vulnerability | OM Workspace (Windows Edition) | 7.8 | - | 2026-03-25
CVE-2026-4546 | Flos Freeware Notepad2 code issue vulnerability | Notepad2 | 7.0 | High | 2026-03-22

CWE-427 (Uncontrolled Search Path Element) is a common weakness class; this platform lists 545 CVE entries associated with it.