CWE-59
Improper Link Resolution Before File Access ('Link Following')
Description
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76
CVEs mapped to this weakness (818)
page 9 of 41| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44275 | Med | 0.41 | 6.3 | 0.00 | Jun 9, 2026 | Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write | ||
| CVE-2026-45539 | Hig | 0.41 | 7.4 | 0.01 | May 15, 2026 | Microsoft APM is an open-source, community-driven dependency manager for AI agents. From 0.5.4 to 0.12.4, two primitive integrators in apm-cli enumerate package files with bare Path.glob() / Path.rglob() calls and read each match with Path.read_text(), transparently following… | ||
| CVE-2026-41610 | Med | 0.41 | 6.3 | 0.01 | May 12, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | ||
| CVE-2026-27105 | Med | 0.41 | 6.3 | 0.00 | Apr 29, 2026 | Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write | ||
| CVE-2025-43448 | Med | 0.41 | 6.3 | 0.00 | Nov 4, 2025 | This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to break out of… | ||
| CVE-2025-53109 | Hig | 0.41 | — | 0.01 | Jul 2, 2025 | Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to… | ||
| CVE-2024-27885 | Med | 0.41 | 6.3 | 0.00 | Jun 10, 2024 | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An app may be able to modify protected parts of the file system. | ||
| CVE-2026-45384 | Med | 0.40 | 6.1 | 0.00 | Jun 10, 2026 | bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive update. This issue has been patched in… | ||
| CVE-2026-45491 | Med | 0.40 | 6.2 | 0.00 | Jun 9, 2026 | Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally. | ||
| CVE-2025-14693 | Med | 0.40 | 6.2 | 0.00 | Dec 15, 2025 | A vulnerability has been found in Ugreen DH2100+ up to 5.3.0. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following. The attack can be executed directly on the physical device. The exploit has been disclosed to the public and… | ||
| CVE-2025-62364 | Med | 0.40 | 6.2 | 0.01 | Oct 13, 2025 | text-generation-webui is an open-source web interface for running Large Language Models. In versions through 3.13, a Local File Inclusion vulnerability exists in the character picture upload feature. An attacker can upload a text file containing a symbolic link to an arbitrary… | ||
| CVE-2025-22247 | Med | 0.40 | 6.1 | 0.00 | May 12, 2025 | VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM. | ||
| CVE-2025-32817 | Med | 0.40 | 6.1 | 0.00 | Apr 16, 2025 | A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorized file overwrite, potentially leading to denial of service or file corruption. | ||
| CVE-2016-8641 | Med | 0.40 | 6.7 | 0.01 | Aug 1, 2018 | A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and… | ||
| CVE-2016-9595 | Hig | 0.40 | 7.3 | 0.00 | Jul 27, 2018 | A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. | ||
| CVE-2017-12258 | Med | 0.40 | 6.1 | 0.02 | Oct 5, 2017 | A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability exists because the affected software does not provide sufficient protections for HTML… | ||
| CVE-2015-5701 | Med | 0.40 | 6.1 | 0.00 | Aug 25, 2017 | mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700. | ||
| CVE-2015-5700 | Med | 0.40 | 6.1 | 0.00 | Aug 25, 2017 | mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. | ||
| CVE-2026-28262 | Med | 0.39 | 6.0 | 0.00 | Jun 9, 2026 | Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering. | ||
| CVE-2026-49135 | Hig | 0.39 | 7.1 | 0.00 | Jun 1, 2026 | CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictable file paths in the release notarization workflow. Attackers with access to the… |
- risk 0.41cvss 6.3epss 0.00
Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write
- risk 0.41cvss 7.4epss 0.01
Microsoft APM is an open-source, community-driven dependency manager for AI agents. From 0.5.4 to 0.12.4, two primitive integrators in apm-cli enumerate package files with bare Path.glob() / Path.rglob() calls and read each match with Path.read_text(), transparently following…
- risk 0.41cvss 6.3epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
- risk 0.41cvss 6.3epss 0.00
Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write
- risk 0.41cvss 6.3epss 0.00
This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to break out of…
- risk 0.41cvss —epss 0.01
Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to…
- risk 0.41cvss 6.3epss 0.00
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An app may be able to modify protected parts of the file system.
- risk 0.40cvss 6.1epss 0.00
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive update. This issue has been patched in…
- risk 0.40cvss 6.2epss 0.00
Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.
- risk 0.40cvss 6.2epss 0.00
A vulnerability has been found in Ugreen DH2100+ up to 5.3.0. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following. The attack can be executed directly on the physical device. The exploit has been disclosed to the public and…
- risk 0.40cvss 6.2epss 0.01
text-generation-webui is an open-source web interface for running Large Language Models. In versions through 3.13, a Local File Inclusion vulnerability exists in the character picture upload feature. An attacker can upload a text file containing a symbolic link to an arbitrary…
- risk 0.40cvss 6.1epss 0.00
VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.
- risk 0.40cvss 6.1epss 0.00
A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorized file overwrite, potentially leading to denial of service or file corruption.
- risk 0.40cvss 6.7epss 0.01
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and…
- risk 0.40cvss 7.3epss 0.00
A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.
- risk 0.40cvss 6.1epss 0.02
A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability exists because the affected software does not provide sufficient protections for HTML…
- risk 0.40cvss 6.1epss 0.00
mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700.
- risk 0.40cvss 6.1epss 0.00
mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.
- risk 0.39cvss 6.0epss 0.00
Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.
- risk 0.39cvss 7.1epss 0.00
CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictable file paths in the release notarization workflow. Attackers with access to the…