CVE-2026-45725: Path Traversal Via Url Path

Extracting components from untrusted URL paths without validation and appending them to local paths allows path traversal. This can result in arbitrary directories being created or file contents being overwritten via Arbitrary File Write.

Provally CuratedPublic repositoryHighMedium confidenceVerifiedApache-2.0python

greprules fetch cve-2026-45725-path-traversal-via-url-path --engine opengrep

Description

Extracting components from untrusted URL paths without validation and appending them to local paths allows path traversal. This can result in arbitrary directories being created or file contents being overwritten via Arbitrary File Write.

Detection target

Not provided

Recommended fix

Not provided

False-positive notes

Not provided

License: Apache-2.0
Source context: Public repository
Source: Provally CVE rule catalog
Validation status: Verified
Trust signals: 109 downloads
0 direct109 via packs
· 0 stars · Trust score 61How trust works
Included packs: 2 packs

Community feedback

Sign in to report false positives, mark this rule useful, or suggest metadata improvements.

Mark useful Report false positive Suggest metadata