Glossary · Term

path traversal

← all terms

Definition

Plain language

A security bug where an attacker tricks a program into reaching files outside the folder it was supposed to stay in.

As stated in the literature

A vulnerability class in which unsanitized input containing directory components (like dot-dot-slash) lets an attacker access files outside the intended directory; one of the standard injected-vulnerability types in agentic code-security evaluations.

Why it matters: It can expose private files a program was never meant to share, making input checking on file paths essential.

For example, a download feature that doesn't check filenames might let someone request '../../passwords' and walk right out of the intended folder to a sensitive file.

Related terms