
CWE-426 Untrusted Search Path: vulnerability list (198)

A summary of the 198 CVE vulnerabilities associated with the CWE-426 Untrusted Search Path weakness class, with AI-generated analysis in Chinese.

CWE-426 is the untrusted search path weakness: the program uses an externally supplied path to locate critical resources, so it may end up accessing files it does not control. Attackers commonly manipulate environment variables or configuration to inject a malicious program or data into the search path, and thereby execute arbitrary code or steal sensitive information. Developers should avoid dynamic search paths and use hard-coded absolute paths instead, or strictly validate the origin and permissions of the path, so that only resources from trusted directories are loaded and the attack chain is cut off.

MITRE CWE official description
CWE-426 Untrusted Search Path. The product uses an externally-supplied search path to search for critical resources, which could point to resources that are not under the product's direct control. This might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the product uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted product would then execute. The problem extends to any type of critical resource that the product trusts. Some of the most common variants of untrusted search path are: in various UNIX and Linux-based systems, the PATH environment variable may be consulted to locate executable programs, and LD_PRELOAD may be used to locate a separate library; in various Microsoft-based systems, the PATH environment variable is consulted to locate a DLL if the DLL is not found in other paths that appear earlier in the search order.
Common consequences (3)
Scope: Integrity, Confidentiality, Availability, Access Control. Impact: Gain Privileges or Assume Identity; Execute Unauthorized Code or Commands.
There is the potential for arbitrary code execution with privileges of the vulnerable program.
Scope: Availability. Impact: DoS: Crash, Exit, or Restart.
The program could be redirected to the wrong files, potentially triggering a crash or hang when the targeted file is too large or does not have the expected format.
Scope: Confidentiality. Impact: Read Files or Directories.
The program could send the output of unauthorized files to the attacker.
Mitigations (5)
Phase: Architecture and Design, Implementation. Hard-code the search path to a set of known-safe values (such as system directories), or only allow them to be specified by the administrator in a configuration file. Do not allow these settings to be modified by an external party. Be careful to avoid related weaknesses such as CWE-426 and CWE-428.
Phase: Implementation. When invoking other programs, specify those programs using fully-qualified pathnames. While this is an effective approach, code that uses fully-qualified pathnames might not be portable to other systems that do not use the same pathnames. The portability can be improved by locating the full-qualified paths in a centralized, easily-modifiable location within the source code, and having the code ref…
Phase: Implementation. Remove or restrict all environment settings before invoking other programs. This includes the PATH environment variable, LD_LIBRARY_PATH, and other settings that identify the location of code libraries, and any application-specific search paths.
Phase: Implementation. Check your search path before use and remove any elements that are likely to be unsafe, such as the current working directory or a temporary files directory.
Phase: Implementation. Use other functions that require explicit paths. Making use of any of the other readily available functions that require explicit paths is a safe way to avoid this problem. For example, system() in C does not require a full path since the shell can take care of it, while execl() and execv() require a full path.
Code examples (2)
This program is intended to execute a command that lists the contents of a restricted directory, then performs other actions. Assume that it runs with setuid privileges in order to bypass the permissions check by the operating system.
    /* Headers added so the fragment compiles; the rest is the CWE entry's code as given. */
    #include <stdio.h>
    #include <stdlib.h>

    #define DIR "/restricted/directory"
    char cmd[500];
    /* Relative "ls": the shell started by system() resolves it through PATH. */
    sprintf(cmd, "ls -l %480s", DIR);
    /* Raise privileges to those needed for accessing DIR. */
    RaisePrivileges(...);
    system(cmd);
    DropPrivileges(...);
    ...
Bad · C
1. The user sets the PATH to reference a directory under the attacker's control, such as "/my/dir/".
2. The attacker creates a malicious program called "ls", and puts that program in /my/dir.
3. The user executes the program.
4. When system() is executed, the shell consults the PATH to find the ls program.
5. The program finds the attacker's malicious program, "/my/dir/ls". It doesn't find "/bin/ls" because PATH does not contain "/bin/".
6. The program executes the attacker's malicious program with the raised privileges.
Attack
The following code from a system utility uses the system property APPHOME to determine the directory in which it is installed and then executes an initialization script based on a relative path from the specified directory.
    ...
    String home = System.getProperty("APPHOME");
    // Relative INITCMD is resolved against whatever directory APPHOME names.
    String cmd = home + INITCMD;
    java.lang.Runtime.getRuntime().exec(cmd);
    ...
Bad · Java
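The following is an added example, not code from the CWE entry or from this catalogue: the hardened counterpart of the "ls -l /restricted/directory" program above, applying mitigations 2 to 5 at once. It audits the inherited PATH and drops unsafe elements (empty entries, ".", relative entries, temp directories), builds a minimal environment in which LD_PRELOAD and LD_LIBRARY_PATH are simply absent, and runs the program by absolute path with execve() instead of system(), so no shell and no search path are involved. The list of directories treated as safe and the choice of what to strip are assumptions made for illustration; the sample PATH string is constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Assumed policy for this example: only these system directories (or their
 * subdirectories) may stay in a search path. */
static const char *const SAFE_PREFIXES[] = { "/usr/bin", "/bin", "/usr/sbin", "/sbin" };

/* Mitigation 4: reject empty (= current directory), relative, "." and temp
 * directory entries; keep only entries under a known-safe prefix. */
int path_element_is_safe(const char *elem)
{
    if (elem == NULL || elem[0] != '/')          /* "", ".", "bin" all fail here */
        return 0;
    if (strncmp(elem, "/tmp", 4) == 0 || strncmp(elem, "/var/tmp", 8) == 0)
        return 0;
    for (size_t i = 0; i < sizeof SAFE_PREFIXES / sizeof SAFE_PREFIXES[0]; i++) {
        size_t n = strlen(SAFE_PREFIXES[i]);
        if (strncmp(elem, SAFE_PREFIXES[i], n) == 0 && (elem[n] == '\0' || elem[n] == '/'))
            return 1;
    }
    return 0;
}

/* Copy the safe, colon-separated entries of `in` into `out`.
 * Returns the number of entries kept, or -1 if `out` is too small. */
int sanitize_search_path(const char *in, char *out, size_t outlen)
{
    char *copy = strdup(in ? in : "");
    if (copy == NULL) return -1;
    int kept = 0;
    size_t used = 0;
    char *save = NULL;
    out[0] = '\0';
    /* strtok_r skips empty tokens such as "::"; an empty PATH element means
     * the current directory, so dropping it is exactly what we want. */
    for (char *tok = strtok_r(copy, ":", &save); tok; tok = strtok_r(NULL, ":", &save)) {
        if (!path_element_is_safe(tok)) continue;
        size_t len = strlen(tok);
        size_t need = len + (kept ? 1 : 0);
        if (used + need + 1 > outlen) { free(copy); return -1; }
        if (kept) out[used++] = ':';
        memcpy(out + used, tok, len);
        used += len;
        out[used] = '\0';
        kept++;
    }
    free(copy);
    return kept;
}

/* Mitigations 2, 3 and 5: absolute program path, a minimal environment built
 * from scratch (no LD_PRELOAD, no LD_LIBRARY_PATH, fixed PATH), and execve()
 * instead of system(). Returns the child's exit status, or -1 on failure. */
int run_with_clean_env(const char *abs_program, char *const argv[])
{
    if (abs_program == NULL || abs_program[0] != '/')
        return -1;                                /* refuse anything that would need a search */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
        execve(abs_program, argv, envp);
        _exit(127);                               /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char clean[256];
    /* Constructed PATH mixing safe and unsafe entries. */
    int n = sanitize_search_path("/usr/bin::/tmp:.:bin:/bin", clean, sizeof clean);
    printf("kept %d entries: %s\n", n, clean);

    char *const argv[] = { "ls", "-l", "/restricted/directory", NULL };
    int rc = run_with_clean_env("/bin/ls", argv);
    printf("ls exited with %d\n", rc);
    return 0;
}
```

Note that run_with_clean_env() does not consult the sanitized PATH at all: the sanitizer is for the case where a search path must be handed to a child (or to a library loader) and cannot be removed, while the exec wrapper shows the stronger option of needing no search at all. Both checks happen before any privilege is raised, which is where the CWE example went wrong.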
CVE ID | Title | Product | CVSS | Risk level | Published
CVE-2025-30407 | Acronis Cyber Protect Cloud Agent code issue vulnerability | Acronis Cyber Protect Cloud Agent | 7.8 | High | 2025-03-26
CVE-2025-1398 | Mattermost Desktop App security vulnerability | Mattermost | 3.3 | Low | 2025-03-17
CVE-2025-29903 | JetBrains Runtime code issue vulnerability | Runtime | 5.2 | Medium | 2025-03-12
CVE-2025-27167 | Adobe Illustrator code issue vulnerability | Illustrator | 7.8 | High | 2025-03-11
CVE-2025-1756 | MongoDB code issue vulnerability | mongosh | 7.5 | High | 2025-02-27
CVE-2025-1755 | MongoDB Compass code issue vulnerability | MongoDB Compass | 7.5 | High | 2025-02-27
CVE-2025-1068 | Esri ArcGIS code issue vulnerability | ArcGIS AllSource | 7.3 | High | 2025-02-25
CVE-2025-26624 | Rufus code issue vulnerability | rufus | 7.8 | - | 2025-02-18
CVE-2025-1353 | Insomnia code issue vulnerability | Insomnia | 7.0 | High | 2025-02-16
CVE-2024-3220 | CPython security vulnerability | CPython | 5.5 | - | 2025-02-14
CVE-2025-24828 | Acronis Cyber Protect Cloud Agent code issue vulnerability | Acronis Cyber Protect Cloud Agent | 7.8 | - | 2025-01-31
CVE-2025-24827 | Acronis Cyber Protect Cloud Agent code issue vulnerability | Acronis Cyber Protect Cloud Agent | 7.8 | - | 2025-01-31
CVE-2025-24829 | Acronis Cyber Protect Cloud Agent code issue vulnerability | Acronis Cyber Protect Cloud Agent | 7.8 | - | 2025-01-31
CVE-2025-24830 | Acronis Cyber Protect Cloud Agent code issue vulnerability | Acronis Cyber Protect Cloud Agent | 7.8 | - | 2025-01-31
CVE-2025-0145 | Zoom Workplace security vulnerability | Zoom Workplace Apps for Windows | 4.6 | Medium | 2025-01-30
CVE-2025-24789 | Snowflake JDBC code issue vulnerability | snowflake-jdbc | 7.8 | High | 2025-01-29
CVE-2025-0733 | Postman code issue vulnerability | Postman | 4.5 | Medium | 2025-01-27
CVE-2025-0732 | Discord code issue vulnerability | Discord | 4.5 | Medium | 2025-01-27
CVE-2025-0707 | Rise Mode Temp CPU code issue vulnerability | Rise Mode Temp CPU | 7.8 | High | 2025-01-24
CVE-2024-13524 | OBS Studio code issue vulnerability | OBS Studio | 4.5 | Medium | 2025-01-20
CVE-2025-0567 | Epic Games Launcher code issue vulnerability | Launcher | 4.5 | Medium | 2025-01-19
CVE-2025-21399 | Microsoft Edge security vulnerability | Microsoft Edge Update Setup | 7.4 | High | 2025-01-17
CVE-2020-8094 | Bitdefender Antivirus Free code issue vulnerability | Antivirus Free 2020 | 7.3 | - | 2025-01-15
CVE-2025-21365 | Microsoft Office code issue vulnerability | Microsoft 365 Apps for Enterprise | 7.8 | High | 2025-01-14
CVE-2024-13158 | Ivanti EPM security vulnerability | Endpoint Manager | 7.2 | High | 2025-01-14
CVE-2025-0459 | RetroArch code issue vulnerability | RetroArch | 5.3 | Medium | 2025-01-14
CVE-2024-53866 | pnpm code issue vulnerability | pnpm | 9.8 | - | 2024-12-10
CVE-2024-11454 | Autodesk Revit security vulnerability | Revit | 7.8 | High | 2024-12-09
CVE-2023-1521 | SUSE Linux Enterprise Server for SAP Applications security vulnerability | sccache | 7.4 | - | 2024-11-26
CVE-2024-49515 | Adobe Substance 3D Painter code issue vulnerability | Substance3D - Painter | 7.8 | High | 2024-11-12

CWE-426 (Untrusted Search Path) is a common weakness category; this platform has collected 198 CVE vulnerabilities associated with it.