Security Risk Category

path-traversal Security Risks

Published vulnerability pages connected to path-traversal. One risk can appear in multiple categories while keeping one canonical page.

path-traversal risks

Showing 3 of 3 published risks.

lowEPSS 0.003

mcp-text-editor Path Traversal Vulnerability

A security vulnerability has been detected in tumf mcp-text-editor up to 1.0.2. This issue affects the function _validate_file_path of the file mcp_text_editor/text_editor.py. Such manipulation of the argument file_path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor closed the GitHub issue for this vulnerability without any explanation.

CVE-2026-15138mcppythonpath-traversalmcp-text-editor

Updated Jul 10, 2026

highEPSS 0.003

BOSH CLI blobs.yml Path Traversal Vulnerability

The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4.

CVE-2026-47826cloud-foundryboshclipath-traversal

Updated Jul 10, 2026

high

Bit Form WordPress Plugin Arbitrary File Deletion Vulnerability

The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteFiles function in all versions up to, and including, 3.1.1 This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config).

CVE-2026-14372wordpressbit-formfile-deletionpath-traversal

Updated Jul 10, 2026