CVE-2019-19606

X-Plane 11.41 and earlier has multiple improper path validations that could allow reading and writing files from/to arbitrary paths (or a leak of OS credentials to a remote system) via crafted network packets. This could be used to execute arbitrary commands on the system.

Source: CVE-2019-19606