CWE-59
Improper Link Resolution Before File Access ('Link Following')
Description
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76
CVEs mapped to this weakness (818)
page 18 of 41| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-27523 | 0.00 | — | 0.00 | Mar 18, 2026 | OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation vulnerability allowing attackers to bypass allowed-root and blocked-path checks via symlinked parent directories with non-existent leaf paths. Attackers can craft bind source paths that appear within allowed… | |||
| CVE-2026-22180 | 0.00 | — | 0.00 | Mar 18, 2026 | OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape… | |||
| CVE-2026-2808 | 0.00 | — | 0.00 | Mar 11, 2026 | HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5. | |||
| CVE-2026-28689 | 0.00 | — | 0.00 | Mar 9, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied… | |||
| CVE-2026-29786 | 0.00 | — | 0.00 | Mar 7, 2026 | node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal… | |||
| CVE-2026-27905 | 0.00 | — | 0.00 | Mar 3, 2026 | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.36, the safe_extract_tarfile() function validates that each tar member's path is within the destination directory, but for symlink members it only validates… | |||
| CVE-2026-24884 | 0.00 | — | 0.00 | Feb 4, 2026 | Compressing is a compressing and uncompressing lib for node. In version 2.0.0 and 1.10.3 and prior, Compressing extracts TAR archives while restoring symbolic links without validating their targets. By embedding symlinks that resolve outside the intended extraction directory, an… | |||
| CVE-2026-24842 | 0.00 | — | 0.01 | Jan 28, 2026 | node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that… | |||
| CVE-2026-24056 | 0.00 | — | 0.00 | Jan 26, 2026 | pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a `file:` (directory) or `git:` dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path… | |||
| CVE-2025-67124 | 0.00 | — | 0.00 | Jan 23, 2026 | A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization (when uploads are enabled) can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the… | |||
| CVE-2026-22702 | 0.00 | — | 0.00 | Jan 10, 2026 | virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local… | |||
| CVE-2026-22701 | 0.00 | — | 0.00 | Jan 10, 2026 | filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a… | |||
| CVE-2025-68279 | 0.00 | — | 0.00 | Dec 18, 2025 | Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Version 5.15.1 fixes the issue. | |||
| CVE-2025-68146 | 0.00 | — | 0.00 | Dec 16, 2025 | filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows… | |||
| CVE-2025-66626 | 0.00 | — | 0.01 | Dec 9, 2025 | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions 3.6.13 and below and versions 3.7.0 through 3.7.4, contain unsafe untar code that handles symbolic links in archives. Concretely, the computation of a link's… | |||
| CVE-2025-64437 | 0.00 | — | 0.00 | Nov 7, 2025 | KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files… | |||
| CVE-2025-55247 | — | 0.00 | — | 0.01 | Oct 14, 2025 | Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-57749 | 0.00 | — | 0.00 | Aug 20, 2025 | n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks).… | |||
| CVE-2025-8959 | — | 0.00 | — | 0.01 | Aug 15, 2025 | HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9. | ||
| CVE-2025-54798 | 0.00 | — | 0.00 | Aug 7, 2025 | tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4. |
- CVE-2026-27523Mar 18, 2026risk 0.00cvss —epss 0.00
OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation vulnerability allowing attackers to bypass allowed-root and blocked-path checks via symlinked parent directories with non-existent leaf paths. Attackers can craft bind source paths that appear within allowed…
- CVE-2026-22180Mar 18, 2026risk 0.00cvss —epss 0.00
OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape…
- CVE-2026-2808Mar 11, 2026risk 0.00cvss —epss 0.00
HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5.
- CVE-2026-28689Mar 9, 2026risk 0.00cvss —epss 0.00
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied…
- CVE-2026-29786Mar 7, 2026risk 0.00cvss —epss 0.00
node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal…
- CVE-2026-27905Mar 3, 2026risk 0.00cvss —epss 0.00
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.36, the safe_extract_tarfile() function validates that each tar member's path is within the destination directory, but for symlink members it only validates…
- CVE-2026-24884Feb 4, 2026risk 0.00cvss —epss 0.00
Compressing is a compressing and uncompressing lib for node. In version 2.0.0 and 1.10.3 and prior, Compressing extracts TAR archives while restoring symbolic links without validating their targets. By embedding symlinks that resolve outside the intended extraction directory, an…
- CVE-2026-24842Jan 28, 2026risk 0.00cvss —epss 0.01
node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that…
- CVE-2026-24056Jan 26, 2026risk 0.00cvss —epss 0.00
pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a `file:` (directory) or `git:` dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path…
- CVE-2025-67124Jan 23, 2026risk 0.00cvss —epss 0.00
A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization (when uploads are enabled) can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the…
- CVE-2026-22702Jan 10, 2026risk 0.00cvss —epss 0.00
virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local…
- CVE-2026-22701Jan 10, 2026risk 0.00cvss —epss 0.00
filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a…
- CVE-2025-68279Dec 18, 2025risk 0.00cvss —epss 0.00
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Version 5.15.1 fixes the issue.
- CVE-2025-68146Dec 16, 2025risk 0.00cvss —epss 0.00
filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows…
- CVE-2025-66626Dec 9, 2025risk 0.00cvss —epss 0.01
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions 3.6.13 and below and versions 3.7.0 through 3.7.4, contain unsafe untar code that handles symbolic links in archives. Concretely, the computation of a link's…
- CVE-2025-64437Nov 7, 2025risk 0.00cvss —epss 0.00
KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files…
- CVE-2025-55247Oct 14, 2025risk 0.00cvss —epss 0.01
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.
- CVE-2025-57749Aug 20, 2025risk 0.00cvss —epss 0.00
n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks).…
- CVE-2025-8959Aug 15, 2025risk 0.00cvss —epss 0.01
HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9.
- CVE-2025-54798Aug 7, 2025risk 0.00cvss —epss 0.00
tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.