VYPR

CWE-59

Improper Link Resolution Before File Access ('Link Following')

BaseDraftLikelihood: Medium

Description

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76

CVEs mapped to this weakness (818)

page 8 of 41
  • CVE-2016-3096HigJun 3, 2016
    risk 0.44cvss 7.8epss 0.00

    The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path…

  • CVE-2015-3629HigMay 18, 2015
    risk 0.44cvss 7.8epss 0.01

    Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.

  • CVE-2026-34242HigApr 15, 2026
    risk 0.43cvss 7.7epss 0.00

    Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files, potentially following symlinks outside the repository. This issue has been fixed in version 5.17.

  • CVE-2026-4135MedApr 15, 2026
    risk 0.43cvss 6.6epss 0.00

    During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file write with elevated privileges.

  • CVE-2026-21419MedFeb 9, 2026
    risk 0.43cvss 6.6epss 0.00

    Dell Display and Peripheral Manager (Windows) versions prior to 2.2 contain an Improper Link Resolution Before File Access ('Link Following') vulnerability in the Installer and Service. A low privileged attacker with local access could potentially exploit this vulnerability,…

  • CVE-2016-9602HigApr 26, 2018
    risk 0.43cvss 7.6epss 0.04

    Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.

  • CVE-2026-54056HigJun 12, 2026
    risk 0.42cvss 7.6epss 0.00

    Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, `kitten dnd` can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote `text/uri-list` drops are staged in a temporary…

  • CVE-2026-11853MedJun 10, 2026
    risk 0.42cvss 6.5epss 0.00

    Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages (.dsc) and upload artifacts (.changes) are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine…

  • CVE-2026-42497HigMay 26, 2026
    risk 0.42cvss 7.5epss 0.00

    Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. _make_special_file() passes the tar header's linkname to link() without validating it against absolute paths or .. segments, creating a hardlink that…

  • CVE-2026-42574HigMay 9, 2026
    risk 0.42cvss 7.5epss 0.00

    apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before version 1.2.5, a crafted .apk could install a TypeSymlink tar entry whose target pointed outside the build root, and a subsequent directory-creation or file-write…

  • CVE-2026-44340HigMay 8, 2026
    risk 0.42cvss 7.5epss 0.00

    PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the _safe_extractall helper that all recipe pull, recipe publish, and recipe unpack flows route through validates each archive member's name for absolute paths, .. segments, and resolved-path escape — but does…

  • CVE-2026-41231HigApr 23, 2026
    risk 0.42cvss 7.5epss 0.00

    Froxlor is open source server administration software. Prior to version 2.3.6, `DataDump.add()` constructs the export destination path from user-supplied input without passing the `$fixed_homedir` parameter to `FileDir::makeCorrectDir()`, bypassing the symlink validation that…

  • CVE-2026-33748HigMar 27, 2026
    risk 0.42cvss 7.5epss 0.00

    BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root.…

  • CVE-2011-2765HigAug 20, 2018
    risk 0.42cvss 7.5epss 0.02

    pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.

  • CVE-2018-15351MedAug 17, 2018
    risk 0.42cvss 6.5epss 0.02

    Denial of service via crafting malicious link and sending it to a privileged user can cause Denial of Service in Kraftway 24F2XG Router firmware version 3.5.30.1118.

  • CVE-2017-15097MedJul 27, 2018
    risk 0.42cvss 6.5epss 0.01

    Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.

  • CVE-2018-1000073HigMar 13, 2018
    risk 0.42cvss 7.5epss 0.05

    RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb…

  • CVE-2017-1000420HigJan 2, 2018
    risk 0.42cvss 7.5epss 0.02

    Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite

  • CVE-2017-7549MedSep 21, 2017
    risk 0.42cvss 6.4epss 0.00

    A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local…

  • CVE-2005-0587MedMar 25, 2005
    risk 0.42cvss 6.5epss 0.01

    Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.