CVE-2026-57097
Untrusted search path in Microsoft XML allows an unauthorized attacker to bypass a security feature with a physical attack.
CVSS
6.4
Medio
EPSS
0.2%
p16
KEV
—
Exploit Today
5
0-100
Publicado: 14 jul 2026 · Última mod.: 14 jul 2026 · CWE-426
0.2%EPSS · 30 días0.2%
2026-07-152026-07-16
Untrusted search path in Microsoft XML allows an unauthorized attacker to bypass a security feature with a physical attack.
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-444779.9 CRÍ38.3%
——11CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE pg_monitor. SET ROLE changes only current_user; session_user remains postgres. Any SQL expression evaluated inside the scrape session can invoke RESET ROLE to recover real superuser privileges, then use COPY ... TO PROGRAM to spawn an OS-level subprocess as the postgres user inside the primary pod. The READ ONLY transaction flag does not block this; it gates writes to database state, not external processes. This vulnerability is fixed in 1.29.1 and 1.28.3.2dCVE-2021-366667.8 ALT36.6%
——11An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to gain escalated local privileges via the inSyncDecommission.8dCVE-2026-491457.5 ALT25.0%
——8App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc.
ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include --files-from, so a project .ackrc can set it to a path whose listed files ack then reads and searches. Version 3.10.0 added --follow to the blocklist; --files-from remains accepted.
A project .ackrc committed to an untrusted repository can make ack read files outside the project and print their matching lines.8dCVE-2021-33057.8 ALT24.6%
——7Beijing Feishu Technology Co., Ltd Feishu v3.40.3 was discovered to contain an untrusted search path vulnerability.8dCVE-2026-398837.0 ALT12.4%
——4OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This vulnerability is fixed in 1.43.0.2dCVE-2026-483467.9 ALT8.5%
——3Animate is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.10h