VYPR

CWE-59

Improper Link Resolution Before File Access ('Link Following')

Abstraction: Base · Status: Draft · Likelihood: Medium

Description

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76

CVEs mapped to this weakness (818)

page 10 of 41
  • CVE-2026-34604 · High · Apr 1, 2026
    risk 0.39 · cvss 7.1 · epss 0.00

    Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-based path containment checks in FilesystemBridge. That blocks plain ../ traversal, but it does not resolve symlink or junction targets. If a symlink/junction already exists under…

  • CVE-2026-34603 · High · Apr 1, 2026
    risk 0.39 · cvss 7.1 · epss 0.00

    Tina is a headless content management system. Prior to version 2.2.2, @tinacms/cli recently added lexical path-traversal checks to the dev media routes, but the implementation still validates only the path string and does not resolve symlink or junction targets. If a link…

  • CVE-2026-24046 · High · Jan 21, 2026
    risk 0.39 · cvss 7.1 · epss 0.00

    Backstage is an open framework for building developer portals. Multiple Scaffolder actions and archive extraction utilities were vulnerable to symlink-based path traversal attacks. An attacker with access to create and execute Scaffolder templates could exploit symlinks to read…

  • CVE-2002-0793 · Medium · Aug 12, 2002
    risk 0.39 · cvss 5.5 · epss 0.01

    Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample…

  • CVE-2000-0972 · Medium · Dec 19, 2000
    risk 0.39 · cvss 5.5 · epss 0.01

    HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.

  • CVE-2026-23879 · High · Jun 19, 2026
    risk 0.38 · cvss n/a · epss 0.00

    Summary: There exists an arbitrary file write vulnerability in `py7zr` (1.1.0, latest), which allows symbolic links to be recreated outside the destination directory via crafted malicious symbolic link chains. When using `extractall` to extract an archive, the library…

  • CVE-2018-1196 · Medium · Mar 19, 2018
    risk 0.38 · cvss 5.9 · epss 0.01

    Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user"…

  • CVE-2026-41397 · Medium · Apr 28, 2026
    risk 0.37 · cvss 6.8 · epss 0.00

    OpenClaw before 2026.3.31 contains a sandbox escape vulnerability allowing attackers to traverse directory boundaries through symlink exploitation during file synchronization operations. Remote attackers can bypass sandbox restrictions by crafting malicious symlinks in mirror…

  • CVE-2026-35349 · Medium · Apr 22, 2026
    risk 0.37 · cvss 6.7 · epss 0.00

    A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to identify the root directory. An attacker or accidental user can bypass this…

  • CVE-2025-2102 · Medium · May 21, 2025
    risk 0.37 · cvss n/a · epss 0.00

    Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation. This issue affects HYPR Passwordless: before 10.1.

  • CVE-2025-46293 · Medium · Jun 11, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.

  • CVE-2026-48693 · Medium · May 26, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' (src/fastnetmon.cpp line 159). The print_screen_contents_into_file() function…

  • CVE-2026-6941 · Medium · Apr 23, 2026
    risk 0.36 · cvss 6.6 · epss 0.00

    radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked notes.txt file. Attackers can craft a…

  • CVE-2026-35365 · Medium · Apr 22, 2026
    risk 0.36 · cvss 6.6 · epss 0.00

    The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination.…

  • CVE-2026-28684 · Medium · Apr 20, 2026
    risk 0.36 · cvss 6.6 · epss 0.00

    python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, `set_key()` and `unset_key()` in python-dotenv follow symbolic links when rewriting `.env` files, allowing a local attacker to overwrite arbitrary files via a…

  • CVE-2026-20161 · Medium · Apr 15, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are…

  • CVE-2026-32212 · Medium · Apr 14, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

  • CVE-2026-2490 · Medium · Feb 20, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of RustDesk Client for Windows. An attacker must first obtain the ability to…

  • CVE-2025-13154 · Medium · Jan 14, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges.

  • CVE-2025-12418 · Medium · Nov 7, 2025
    risk 0.36 · cvss n/a · epss 0.00

    Potential Denial of Service issue in all supported versions of Revenera InstallShield version 2025 R1, 2024 R2, 2023 R2, and prior. When e.g., a local administrator performs an uninstall, a symlink may get followed on removal of a user writeable configuration directory and…