The invention discloses a method for detecting path traversal vulnerabilities. The method comprises the following steps: 1. instrumenting a Java EE program by means of bytecode enhancement; 2. using the instrumentation program to track the propagation path, within the program, of data that the Java EE program obtains from outside; 3. when the instrumentation program finds that external data has propagated directly to a path traversal risk method without passing through a security filtering method, performing the vulnerability detection logic judgment; and when the instrumentation program finds that the external data has propagated through a security filtering method, determining that the vulnerability does not exist. The method tracks the application's data flow in real time while the Java EE program is running, detects the actual process by which the vulnerability forms and the specific code position of the vulnerability, and thereby achieves online, real-time, comprehensive and accurate vulnerability detection. In addition, whether the vulnerability exists can be determined by analyzing the propagation paths of the taint in different scenarios, and the potential harm from exploiting the vulnerability can be reported separately for each.
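The source, propagation, filter and sink steps above can be illustrated with the runtime hooks that instrumented bytecode would call. This is an added example, not code from the patent: the hook names, the chosen source, filter and sink, and the sample request value are assumptions, and direct calls stand in for the bytecode rewriting.

```java
import java.nio.file.Paths;
import java.util.*;
public class TaintHooksDemo {
    // Identity-keyed: taint belongs to one object, not to every equal string.
    // (A long-running agent would need weak keys; omitted here for brevity.)
    static final Map<Object, List<String>> TAINT = new IdentityHashMap<>();
    static final List<String> FINDINGS = new ArrayList<>();
    // Hypothetical hook after a source method: start a propagation path.
    static String onSource(String v, String source) {
        TAINT.put(v, new ArrayList<>(List.of("source:" + source)));
        return v;
    }
    // Hypothetical hook after a propagator: the result inherits the path.
    static String onPropagate(String result, String step, Object... inputs) {
        for (Object in : inputs) {
            List<String> path = TAINT.get(in);
            if (path == null) continue;
            List<String> p = new ArrayList<>(path);
            p.add("propagate:" + step);
            TAINT.put(result, p);
            break;
        }
        return result;
    }
    // Hypothetical hook after a security filtering method: stop tracking.
    static String onSanitizer(String result) {
        TAINT.remove(result);
        return result;
    }
    // Hypothetical hook before a path traversal risk method: record the
    // propagation path and the calling code position if taint arrives.
    static boolean onSink(String arg, String sink) {
        List<String> path = TAINT.get(arg);
        if (path == null) return false;
        StackTraceElement caller = Thread.currentThread().getStackTrace()[2];
        FINDINGS.add(String.join(" -> ", path) + " -> sink:" + sink + " at " + caller);
        return true;
    }
    public static void main(String[] args) {
        // Constructed request value; new String() keeps it off the literal pool.
        String name = onSource(new String("../../etc/passwd"), "getParameter");
        String raw = onPropagate("/srv/files/" + name, "concat", name);
        System.out.println("unfiltered flagged: " + onSink(raw, "new File"));
        // Assumed filter: keep only the final path element (base name).
        String clean = onSanitizer(Paths.get(name).getFileName().toString());
        String safe = onPropagate("/srv/files/" + clean, "concat", clean);
        System.out.println("filtered flagged: " + onSink(safe, "new File"));
        FINDINGS.forEach(System.out::println);
    }
}
```

Only the unfiltered flow produces a finding, and the finding carries both the propagation path and the stack frame of the call that reached the sink.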