CVE-2026-29066: Nodejs Path Traversal Unvalidated Join
Path traversal vulnerability detected. Untrusted input from incoming requests or URL decoding operations flows directly into file system operations. An attacker could read, write, or delete arbitrary files on the host system. Ensure that paths are resolved securely against a trusted base directory and validated to prevent escaping (e.g. by checking if the re
JSgreprules fetch cve-2026-29066-nodejs-path-traversal-unvalidated-join --engine opengrepDescription
Path traversal vulnerability detected. Untrusted input from incoming requests or URL decoding operations flows directly into file system operations. An attacker could read, write, or delete arbitrary files on the host system. Ensure that paths are resolved securely against a trusted base directory and validated to prevent escaping (e.g. by checking if the re
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0