A bug where crafted path segments such as ../ allow input to escape an intended directory boundary. In practice, it turns a normal file operation into a boundary break, which is especially dangerous when the affected service runs with non-human identity privileges and touches production data or secrets.
Related resources from NHI Mgmt Group
- Why do leaked secrets need a different reporting path than ordinary software bugs?
- How should security teams prevent hardcoded secrets from becoming a breach path?
- What breaks when organisations do not map the access path of AI and SaaS integrations?
- How should organisations respond when a privileged SSH certificate path is flawed?
Deepen Your Knowledge
NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on June 7, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
Reviewed and updated by the NHIMG editorial team on June 7, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
