CWE-427: Uncontrolled Search Path Element
Abstraction: Base. Status: Draft. 20 recent CVEs listed below.
Description
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Common consequences
- Scope: Confidentiality, Integrity, Availability. Impact: Execute Unauthorized Code or Commands.
Potential mitigations
- Phase: Architecture and Design, Implementation. Hard-code the search path to a set of known-safe values (such as system directories), or only allow them to be specified by the administrator in a configuration file. Do not allow these settings to be modified by an external party. Be careful to avoid related weaknesses such as CWE-426 and CWE-428.
- Phase: Implementation. When invoking other programs, specify those programs using fully-qualified pathnames. While this is an effective approach, code that uses fully-qualified pathnames might not be portable to other systems that do not use the same pathnames. The portability can be improved by locating the fully-qualified paths in a centralized, easily-modifiable location within the source code, and having the code ref
- Phase: Implementation. Remove or restrict all environment settings before invoking other programs. This includes the PATH environment variable, LD_LIBRARY_PATH, and other settings that identify the location of code libraries, and any application-specific search paths.
- Phase: Implementation. Check your search path before use and remove any elements that are likely to be unsafe, such as the current working directory or a temporary files directory. Since this is a denylist approach, it might not be a complete solution.
- Phase: Implementation. Use other functions that require explicit paths. Making use of any of the other readily available functions that require explicit paths is a safe way to avoid this problem. For example, system() in C does not require a full path, since the shell can take care of finding the program using the PATH environment variable, while execl() and execv() require a full path.
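The following C program is an added example, not part of the CWE entry or of any product it classifies. It combines the last three mitigations: it filters a ':'-separated search path with a denylist of unsafe elements (empty or relative entries, which resolve to the current working directory, and temporary-file directories), and it launches a helper only by fully-qualified pathname with a fixed, minimal environment through execve(), so an inherited PATH or LD_LIBRARY_PATH cannot redirect the lookup. The denylist contents, the replacement PATH value and the /bin/echo location are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define PATH_BUF 4096

/* Denylist of search-path elements that must not be trusted (an assumption for
 * this example; extend it for your platform).  An empty or relative element means
 * "the current working directory"; world-writable temp directories let any local
 * user plant a file with the name being looked up. */
static int is_unsafe_element(const char *elem)
{
    if (elem[0] != '/')
        return 1;                                   /* empty or relative */
    if (strcmp(elem, "/tmp") == 0 || strncmp(elem, "/tmp/", 5) == 0)
        return 1;
    if (strcmp(elem, "/var/tmp") == 0 || strncmp(elem, "/var/tmp/", 9) == 0)
        return 1;
    return 0;
}

/* Copy the ':'-separated search path into `out`, skipping unsafe elements.
 * Returns the number of elements dropped, or -1 if `out` is too small.  Elements
 * are split by hand because strtok() would swallow the empty elements that are
 * the classic "." in disguise. */
int sanitize_search_path(const char *path, char *out, size_t outlen)
{
    size_t used = 0;
    int dropped = 0;
    const char *start = path;

    if (outlen == 0)
        return -1;
    out[0] = '\0';
    for (;;) {
        const char *end = strchr(start, ':');
        size_t len = end ? (size_t)(end - start) : strlen(start);
        char elem[PATH_BUF];

        if (len >= sizeof elem) {
            dropped++;                              /* overlong: treat as unsafe */
        } else {
            memcpy(elem, start, len);
            elem[len] = '\0';
            if (is_unsafe_element(elem)) {
                dropped++;
            } else {
                if (used + len + (used ? 1 : 0) >= outlen)
                    return -1;
                if (used)
                    out[used++] = ':';
                memcpy(out + used, elem, len);
                used += len;
                out[used] = '\0';
            }
        }
        if (end == NULL)
            break;
        start = end + 1;
    }
    return dropped;
}

/* Check helper over a scratch buffer: returns how many elements were dropped
 * when `path` sanitizes to exactly `expected`, or -1 otherwise. */
int dropped_if_sanitizes_to(const char *path, const char *expected)
{
    char out[PATH_BUF];
    int dropped = sanitize_search_path(path, out, sizeof out);
    return (dropped >= 0 && strcmp(out, expected) == 0) ? dropped : -1;
}

/* Run a helper only via a fully-qualified pathname and with a fixed, minimal
 * environment (the replacement PATH value is an assumption).  Returns -1 without
 * executing anything if the path is not absolute; on success execve() does not
 * return, so the caller's PATH and LD_LIBRARY_PATH never reach the child. */
int exec_with_clean_env(const char *abs_path, char *const argv[])
{
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    if (abs_path == NULL || abs_path[0] != '/')
        return -1;
    return execve(abs_path, argv, clean_env);       /* returns -1 only on failure */
}

int main(void)
{
    char cleaned[PATH_BUF];
    const char *path = getenv("PATH");
    int dropped = sanitize_search_path(path ? path : "", cleaned, sizeof cleaned);
    /* /bin/echo as the helper's location is an assumption for this example. */
    char *const argv[] = { "echo", "search path checked", NULL };

    if (dropped < 0) { fputs("PATH too long\n", stderr); return 1; }
    printf("dropped %d unsafe element(s); safe PATH=%s\n", dropped, cleaned);
    exec_with_clean_env("/bin/echo", argv);
    perror("execve");                               /* reached only on failure */
    return 1;
}
```

Because the check is a denylist, as the entry notes, it catches only the elements you enumerate; the hard-coded path and explicit execve() call are what actually remove the caller's influence over where the helper is found.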
Related CWEs
Recent CVEs classified under this CWE
(CVE ID, score where listed, date)
- CVE-2026-41567, 7.2, 2026-06-05
- CVE-2026-50033, 7.3, 2026-06-03
- CVE-2026-44682, 7.3, 2026-06-03
- CVE-2026-44609, 7.3, 2026-06-03
- CVE-2026-36574, 7.8, 2026-06-03
- CVE-2026-44358, 8.2, 2026-05-28
- CVE-2026-47274, 6.3, 2026-05-27
- CVE-2023-52945, 7.8, 2026-05-27
- CVE-2025-41670, 7.8, 2026-05-27
- CVE-2025-14575, no score listed, 2026-05-19
- CVE-2026-32323, 7.3, 2026-05-19
- CVE-2026-47092, 7.8, 2026-05-18
- CVE-2024-36333, 7.8, 2026-05-15
- CVE-2026-7373, no score listed, 2026-05-15
- CVE-2025-62628, no score listed, 2026-05-14
- CVE-2024-47091, no score listed, 2026-05-13
- CVE-2026-44612, 7.8, 2026-05-13
- CVE-2026-20772, no score listed, 2026-05-12
- CVE-2025-36515, no score listed, 2026-05-12
- CVE-2025-35969, no score listed, 2026-05-12