VYPR

CWE-59

Improper Link Resolution Before File Access ('Link Following')

BaseDraftLikelihood: Medium

Description

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76

CVEs mapped to this weakness (818)

page 13 of 41
  • CVE-2001-1494MedDec 31, 2001
    risk 0.36cvss 5.5epss 0.00

    script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.

  • CVE-2000-1178MedJan 9, 2001
    risk 0.36cvss 5.5epss 0.01

    Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.

  • CVE-1999-1386MedDec 31, 1999
    risk 0.36cvss 5.5epss 0.00

    Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.

  • CVE-1999-0783MedJun 16, 1998
    risk 0.36cvss 5.5epss 0.01

    FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.

  • CVE-2026-11322MedJun 4, 2026
    risk 0.35cvss 6.5epss 0.00

    Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing…

  • CVE-2026-40861MedJun 1, 2026
    risk 0.35cvss 6.5epss 0.01

    A Dag author could either (a) create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process (read-path attack — e.g. `/etc/passwd` or `airflow.cfg`) or (b) supply a `task_id` containing `..` sequences accepted by the Task…

  • CVE-2026-32282MedApr 8, 2026
    risk 0.35cvss 6.4epss 0.00

    On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which…

  • CVE-2018-5107MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.02

    The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file information…

  • CVE-2026-43619MedMay 20, 2026
    risk 0.34cvss 6.3epss 0.00

    Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported…

  • CVE-2026-34883MedMay 19, 2026
    risk 0.34cvss 5.3epss 0.00

    An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate privileges to Administrator. During installation, the software writes the file…

  • CVE-2026-35345MedApr 22, 2026
    risk 0.34cvss 5.3epss 0.00

    A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, the uutils implementation continues to monitor a path after it has been replaced by a symbolic link, subsequently…

  • CVE-2026-24047MedJan 21, 2026
    risk 0.34cvss 6.3epss 0.00

    Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the `resolveSafeChildPath` utility function in…

  • CVE-2015-0796MedMar 2, 2018
    risk 0.34cvss 6.3epss 0.01

    In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on…

  • CVE-2026-6892MedMay 29, 2026
    risk 0.33cvss 5.0epss 0.00

    Improper handling of symbolic links in the installer of CUPS Printer Driver for macOS(*) may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of directories for which they would not normally have…

  • CVE-2026-6891MedMay 29, 2026
    risk 0.33cvss 5.0epss 0.00

    Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of files for which they would not…

  • CVE-2013-4392MedOct 28, 2013
    risk 0.33cvss 5.0epss 0.00

    systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.

  • CVE-2026-8052MedMay 12, 2026
    risk 0.32cvss 6.0epss 0.00

    HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026-8052) is fixed in version 0.1.2 of the exec2 task driver.

  • CVE-2026-6959MedMay 12, 2026
    risk 0.32cvss 6.0epss 0.00

    HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026-6959) is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11.

  • CVE-2026-40977MedApr 28, 2026
    risk 0.31cvss 4.7epss 0.00

    When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write access to the PID file's location can corrupt one file on the host each time the application is started. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix…

  • CVE-2026-35359MedApr 22, 2026
    risk 0.31cvss 4.7epss 0.00

    A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks if a source path is a symbolic link using path-based metadata but subsequently opens it without the O_NOFOLLOW flag.…