CVE-2026-44788: Path Traversal Case Sensitive Starts With

When performing path boundary checking, verifying paths via a case-sensitive `StartsWith` (e.g., `StringComparison.Ordinal`) is unsafe on case-insensitive file systems like Windows. Attackers can bypass the restriction by mixing case or leveraging symlink resolutions. Use a platform-aware string comparison check (e.g., `StringComparison.OrdinalIgnoreCase`).
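The difference between the two comparisons, as an added example (not code from the rule or from any affected project); it assumes .NET 6 or later, and the names `PathBoundary`, `IsUnderOrdinal`, `IsUnder` and the sample paths are hypothetical.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;

static class PathBoundary
{
    // Windows file systems are case-insensitive by default, so compare
    // case-insensitively there and case-sensitively elsewhere.
    static readonly StringComparison PlatformComparison =
        RuntimeInformation.IsOSPlatform(OSPlatform.Windows)
            ? StringComparison.OrdinalIgnoreCase
            : StringComparison.Ordinal;

    // Collapses "." and ".." segments. Path.GetFullPath does not resolve
    // symlinks and does not change the case of the path.
    static string Canonical(string path) => Path.GetFullPath(path);

    // A trailing separator keeps "secrets" from matching "secrets-old".
    static string WithSeparator(string dir) =>
        dir.EndsWith(Path.DirectorySeparatorChar) ? dir : dir + Path.DirectorySeparatorChar;

    // Pattern the rule flags: case-sensitive prefix test on every platform.
    public static bool IsUnderOrdinal(string root, string candidate) =>
        Canonical(candidate).StartsWith(WithSeparator(Canonical(root)), StringComparison.Ordinal);

    // Platform-aware form of the same boundary check.
    public static bool IsUnder(string root, string candidate) =>
        Canonical(candidate).StartsWith(WithSeparator(Canonical(root)), PlatformComparison);
}

static class Program
{
    static void Main()
    {
        // Constructed sample: a protected directory and a request path that
        // differ only in letter case. On Windows both name the same directory.
        string protectedDir = Path.Combine(Path.GetTempPath(), "app", "secrets");
        string requested = Path.Combine(Path.GetTempPath(), "APP", "Secrets", "key.pem");

        // A restriction built on the ordinal check does not recognise the
        // mixed-case path as being inside the protected directory on Windows.
        Console.WriteLine($"Ordinal:        {PathBoundary.IsUnderOrdinal(protectedDir, requested)}");
        Console.WriteLine($"Platform-aware: {PathBoundary.IsUnder(protectedDir, requested)}");
    }
}
```

Neither form resolves symbolic links; a check that must hold across links has to compare resolved targets as well.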

Provally Curated | Public repository | Medium | Medium confidence | Verified | Apache-2.0 | C# | β
greprules fetch cve-2026-44788-path-traversal-case-sensitive-starts-with --engine opengrep
