AIKIDO-2026-10967

CefSharp.Common is vulnerable to Path Traversal

Path Traversal Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published 5 days ago

54

Medium Risk

This Affects:

DOTNET: CefSharp.Common
Affected versions: 0.0.1 - 144.0.120
Fixed in 144.0.250

TL;DR

The FolderSchemeHandlerFactory custom scheme handler maps requested URLs to files under a configured rootFolder. Before the fix, path resolution and a plain string prefix check could allow traversal sequences such as encoded ../ segments to read files outside the intended directory, including similarly prefixed sibling folders. An attacker who can steer the embedded browser to crafted scheme URLs may retrieve local files that should stay outside the served root. The fix normalizes the root directory boundary, rejects dangerous path characters, and enforces containment after full path resolution.
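
The difference between a plain string prefix check and containment enforced after full path resolution, as an added example (not CefSharp's code and not taken from the fix). The class and method names, the sample root and request paths, and the choice of rejected characters (NUL and ':') are assumptions made for illustration.

```csharp
using System;
using System.IO;

static class RootContainment
{
    // Weak form: resolve the path, then compare with a bare string prefix.
    // A sibling folder whose name merely starts with the root's name passes.
    public static bool IsUnderRootNaive(string rootFolder, string requestPath)
    {
        string decoded = Uri.UnescapeDataString(requestPath);
        string full = Path.GetFullPath(Path.Combine(rootFolder, decoded));
        return full.StartsWith(rootFolder, StringComparison.Ordinal);
    }

    // Hardened form: reject suspicious input, normalize the root so it ends
    // in exactly one separator, resolve fully, then require that boundary.
    public static bool IsUnderRoot(string rootFolder, string requestPath)
    {
        string decoded = Uri.UnescapeDataString(requestPath);

        // Assumed deny-list: NUL, drive/stream separators, absolute paths.
        if (decoded.IndexOfAny(new[] { '\0', ':' }) >= 0 || Path.IsPathRooted(decoded))
            return false;

        string root = Path.GetFullPath(rootFolder)
            .TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar)
            + Path.DirectorySeparatorChar;

        string full = Path.GetFullPath(Path.Combine(root, decoded));

        // Ordinal comparison fails closed if the casing differs from the root.
        return full.StartsWith(root, StringComparison.Ordinal);
    }

    static void Main()
    {
        // Constructed sample root and request paths (nothing is read from disk).
        string root = Path.Combine(Path.GetTempPath(), "app", "www");
        string[] requests =
        {
            "index.html",                     // inside the root
            "..%2Fwww-private%2Fsecret.txt",  // sibling folder sharing the prefix
            "..%2F..%2Fother.txt"             // leaves the root entirely
        };

        foreach (string p in requests)
            Console.WriteLine($"{p,-32} naive={IsUnderRootNaive(root, p)} hardened={IsUnderRoot(root, p)}");
    }
}
```

Only the first request should be accepted by the hardened check. The naive check also accepts the second one, because the resolved sibling path still begins with the root string.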

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

CefSharp.Common is vulnerable to Path Traversal in versions 0.0.1 - 144.0.120.

How to fix this

Upgrade the CefSharp.Common and/or CefSharp.Common.NETCore library to the patched version.