← Back
CWE-610

235 CVEs • Abstraction: Class

Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

JSON object

Loading...

CVEs (235)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
-
-
Jul 9, 2026
Jul 9, 2026
5.9 MEDIUM· v4
N/A· v3
N/A· v2
An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform allows an authenticated attacker to exfiltrate cross-tenant data. This vulnerabili...Show more
An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform allows an authenticated attacker to exfiltrate cross-tenant data. This vulnerability was patched on 12 June 2026 on the Apigee Servers, and no customer action is needed.Show less
1Citrix
2Netscaler Application Delivery Controller
Netscaler Gateway
Jul 2, 2026
Jun 30, 2026
7.1 HIGH· v4
7.5 HIGH· v3
N/A· v2
Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled
1Jenkins
1Official Owasp Zap
Jun 26, 2026
Jun 24, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins co...Show more
Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller.Show less
-
-
Jun 22, 2026
Jun 21, 2026
2.1 LOW· v4
6.3 MEDIUM· v3
6.5 MEDIUM· v2
A vulnerability was determined in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the component XML Parse...Show more
A vulnerability was determined in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the component XML Parser. This manipulation causes xml external entity reference. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.Show less
1Microsoft
1Azure Stack Edge
Jun 17, 2026
Jun 9, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.
1Netgear
35Cbr750 Firmware
Ex6120 FirmwareEx6130 Firmware+32 more
Jun 18, 2026
Jun 9, 2026
4.3 MEDIUM· v4
4.5 MEDIUM· v3
N/A· v2
Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system.
-
-
Jun 17, 2026
May 21, 2026
N/A· v4
8.1 HIGH· v3
N/A· v2
(Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resourc...Show more
(Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the operator namespace. This issue affects Apache Camel K: from 2.0.0 before 2.8.1, from 2.9.0 before 2.9.2, from 2.10.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1 (or 2.8.1 or 2.9.2), which fixes the issue.Show less
1Tenable
1Terrascan
Jun 17, 2026
May 19, 2026
9.2 CRITICAL· v4
8.6 HIGH· v3
N/A· v2
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFor...Show more
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates via hashicorp/go-getter with all default detectors enabled, including FileDetector. An unauthenticated remote attacker can upload an ARM template containing a templateLink.uri or parametersLink.uri field, or a CloudFormation template containing an AWS::CloudFormation::Stack TemplateURL field, pointing to an attacker-controlled URL. Terrascan will fetch the attacker-controlled URL server-side. Unlike SSRF via the remote scan endpoint, file:// URLs are directly usable without requiring an X-Terraform-Get redirect, enabling local file read. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released.Show less
1Tenable
1Terrascan
Jun 17, 2026
May 19, 2026
9.2 CRITICAL· v4
8.6 HIGH· v3
N/A· v2
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url parameter in the remote directory scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan) when running in se...Show more
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url parameter in the remote directory scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan) when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL as remote_url with remote_type set to "http". The URL is passed directly to hashicorp/go-getter (v1.7.5) without validation. Go-getter's HttpGetter supports the X-Terraform-Get response header, allowing the attacker's server to redirect the download to a file:// URL, enabling local file read. Additionally, HttpGetter has Netrc set to true, causing it to read ~/.netrc and send stored credentials to attacker-controlled hostnames. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released.Show less
1Zoom
1Workplace Virtual Desktop Infrastructure
Jun 17, 2026
May 13, 2026
N/A· v4
7.8 HIGH· v3
N/A· v2
External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access.
1Microsoft
1Edge Chromium
Jun 17, 2026
May 12, 2026
N/A· v4
7.4 HIGH· v3
N/A· v2
External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
1Microsoft
5Sql Server 2016
Sql Server 2017Sql Server 2019+2 more
Jun 18, 2026
May 12, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
1Microsoft
1Azure Monitor Agent
Jun 18, 2026
May 12, 2026
N/A· v4
7.8 HIGH· v3
N/A· v2
External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
1Microsoft
1Partner Center
Jun 17, 2026
May 7, 2026
N/A· v4
8.2 HIGH· v3
N/A· v2
Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.
1Tp Link
1Archer Ax53 Firmware
Jun 17, 2026
Apr 8, 2026
6.8 MEDIUM· v4
5.7 MEDIUM· v3
N/A· v2
An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful e...Show more
An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device, potentially exposing sensitive information.This issue affects AX53 v1.0: before 1.7.1 Build 20260213.Show less
1Tp Link
1Archer Ax53 Firmware
Jun 17, 2026
Apr 8, 2026
6.8 MEDIUM· v4
5.7 MEDIUM· v3
N/A· v2
An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary file when a malicious configuration file is processed.  Successful...Show more
An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary file when a malicious configuration file is processed.  Successful exploitation may allow unauthorized access to arbitrary files on the device, potentially exposing sensitive information.This issue affects AX53 v1.0: before 1.7.1 Build 20260213.Show less
1Vertigis
1Fm
Jun 17, 2026
Apr 1, 2026
7.4 HIGH· v4
8.8 HIGH· v3
N/A· v2
A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When...Show more
A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled path is returned. Due to the application's ASP.NET architecture, this could potentially lead to remote code execution when the "web.config" file is obtained. Furthermore, the application resolves UNC paths which may enable NTLM-relaying attacks. This issue affects VertiGIS FM: 10.5.00119 (0d29d428).Show less
1Openclaw
1Openclaw
Jun 17, 2026
Mar 19, 2026
7.1 HIGH· v4
6.5 MEDIUM· v3
N/A· v2
OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the assertBrowserNavigationAllowed() function that allows authenticated users with browser-tool access to navigate to file:/...Show more
OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the assertBrowserNavigationAllowed() function that allows authenticated users with browser-tool access to navigate to file:// URLs. Attackers can exploit this by accessing local files readable by the OpenClaw process user through browser snapshot and extraction actions to exfiltrate sensitive data.Show less
1Zoom
2Workplace Desktop
Workplace Virtual Desktop Infrastructure
Jun 17, 2026
Mar 11, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access.
1Acronis
1Cyber Protect
Jun 17, 2026
Mar 6, 2026
N/A· v4
7.3 HIGH· v3
N/A· v2
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.