CWE-426: Untrusted Search Path — known CVE vulnerabilities
CVEs classified under CWE-426 (Untrusted Search Path), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2026-45772 — CVSS 9.8 (critical): Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be…
CVE-2025-26155 — CVSS 9.8 (critical): NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability.
CVE-2024-53866 — CVSS 9.8 (critical): The package manager pnpm prior to version 9.15.0 seems to mishandle overrides and global cache: Overrides from one workspace leak into npm…
CVE-2024-38462 — CVSS 9.8 (critical): iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106…
CVE-2023-30330 — CVSS 9.8 (critical): SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerable to Local File Inclusion in the function /se/v42300/generic/gn_defau…
CVE-2022-24826 — CVSS 9.8 (critical): On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found…
CVE-2022-26184 — CVSS 9.8 (critical): Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when…
CVE-2011-4125 — CVSS 9.8 (critical): A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute…
CVE-2020-15801 — CVSS 9.8 (critical): In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations…
CVE-2018-19486 — CVSS 9.8 (critical): Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain…
CVE-2017-12414 — CVSS 9.8 (critical): Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an untrusted search path is used for msimg32.dll, WindowsCodecs.dll, and…
CVE-2017-2225 — CVSS 9.8 (critical): Untrusted search path vulnerability in EbidSettingChecker.exe (version 1.0.0.0) allows an attacker to gain privileges via a Trojan horse…
CVE-2025-49457 — CVSS 9.6 (critical): Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via…
CVE-2025-65078: An untrusted search path vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This…
CVE-2015-0096 — CVSS 9.3 (critical): Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7…
CVE-2011-5158 — CVSS 9.3 (critical): Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and DvInesLogFileViewer.Exe components in DATEV Grundpaket Basis CD23.20…
CVE-2012-2040 — CVSS 9.3 (critical): Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and…
CVE-2011-2019 — CVSS 9.3 (critical): Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows…
CVE-2011-3691 — CVSS 9.3 (critical): Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718 allows local users to gain privileges via a Trojan horse dwmapi.dll…
CVE-2010-4833 — CVSS 9.3 (critical): Untrusted search path vulnerability in modules/engines/ms-windows/xp_theme.c in GTK+ before 2.24.0 allows local users to gain privileges…
CVE-2025-31480 — CVSS 9.1 (critical): aiven-extras is a PostgreSQL extension. This is a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL…
CVE-2025-23266 — CVSS 9.0 (critical): NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could…
CVE-2026-53819 — CVSS 8.8 (high): OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override…
CVE-2026-29089 — CVSS 8.8 (high): TimescaleDB is a time-series database for high-performance real-time analytics packaged as a Postgres extension. From version 2.23.0 to…
CVE-2026-24070 — CVSS 8.8 (high): During the installation of the Native Access application, a privileged helper `com.native-instruments.NativeAccess.Helper2`, which is used…
CVE-2024-44103 — CVSS 8.8 (high): DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker…
CVE-2024-6975 — CVSS 8.8 (high): Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file. This issue affects SDP Client before 5.10.34.
CVE-2024-32019 — CVSS 8.8 (high): Netdata is an open source observability tool. In affected versions the `ndsudo` tool shipped with affected versions of the Netdata Agent…
CVE-2022-4883 — CVSS 8.8 (high): A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress…
CVE-2022-38060 — CVSS 8.8 (high): A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in…
CVE-2022-0074 — CVSS 8.8 (high): Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege…
CVE-2022-26183 — CVSS 8.8 (high): PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when…
CVE-2021-41387 — CVSS 8.8 (high): seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root.
CVE-2021-28249 — CVSS 8.8 (high): CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To…
CVE-2019-13637 — CVSS 8.8 (high): In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbitrary commands on a targeted system. This vulnerability is due to…
CVE-2018-10904 — CVSS 8.8 (high): It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by…
CVE-2018-6513 — CVSS 8.8 (high): Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1…
CVE-2017-2207 — CVSS 8.8 (high): Untrusted search path vulnerability in the installer of SaAT Personal ver.1.0.10.272 and earlier allows an attacker to gain privileges via…
CVE-2017-2206 — CVSS 8.8 (high): Untrusted search path vulnerability in the installer of SaAT Netizen ver.1.2.10.510 and earlier allows an attacker to gain privileges via a…
CVE-2017-2178 — CVSS 8.8 (high): Untrusted search path vulnerability in Installer of electronic tendering and bid opening system available prior to May 25, 2017 allows an…
CVE-2017-2177 — CVSS 8.8 (high): Untrusted search path vulnerability in Installer of Shogyo Touki Denshi Ninsho Software Ver 1.7 and earlier allows an attacker to gain…
CVE-2017-2149 — CVSS 8.8 (high): Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update…
CVE-2016-1417 — CVSS 8.8 (high): Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking…
CVE-2026-27290 — CVSS 8.6 (high): Adobe Framemaker versions 2022.8 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute…
CVE-2026-21333 — CVSS 8.6 (high): Illustrator versions 29.8.4, 30.1 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute…
CVE-2026-23512 — CVSS 8.6 (high): SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is a Untrusted Search Path vulnerability when Advanced Options…