CVE-2026-58300
Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.
CVSS
6.2
Medium
EPSS
0.3%
p26
KEV
—
Exploit Today
8
0-100
Published: Jul 3, 2026 · Last modified: Jul 7, 2026 · CWE-36
0.3%EPSS · 30 days0.4%
2026-07-042026-07-17
Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-153025.3 MED41.4%
——12The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.0.27 via the 'X-FILENAME' HTTP header. This makes it possible for unauthenticated attackers to upload and overwrite certain files (e.g., CSS) to directories outside the 'wp-content/uploads/armember' directory.4dCVE-2026-08467.5 HIG34.7%
——10A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by providing absolute paths or traversal paths. This vulnerability can be exploited locally or remotely, particularly in scenarios where the function is used in web APIs or other interfaces that accept user-supplied input.3dCVE-2026-572116.5 MED32.7%
——10RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ management plugin static file handler rabbit_mgmt_wm_static can pass URL-encoded backslashes to erl_prim_loader:read_file_info before path validation when multiple management extension plugins are enabled, causing outbound DNS and SMB requests to attacker-controlled UNC paths. This issue is fixed in versions 4.1.11 and 4.2.6.4dCVE-2026-263378.2 HIG28.1%
——8Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal.4d