CWE-61
UNIX Symbolic Link (Symlink) Following
CompoundIncompleteLikelihood: High
Description
The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
A product that allows UNIX symbolic links (symlink) as part of paths whether in internal code or through user input can allow an attacker to spoof the symbolic link and traverse the file system to unintended locations or access arbitrary files. The symbolic link can permit an attacker to read/write/corrupt a file that they originally did not have permissions to access.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-27
CVEs mapped to this weakness (49)
page 1 of 3| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-28189 | Cri | 0.66 | 10.0 | 0.58 | Apr 18, 2024 | Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link (symlink) to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside of the sandbox. This vulnerability is not impactful on it's own, but it can be used to bypass the patch for CVE-2024-28185 and obtain a complete sandbox escape. This vulnerability is fixed in 1.13.1. | |
| CVE-2024-28185 | Cri | 0.66 | 10.0 | 0.65 | Apr 18, 2024 | Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. When executing a submission, Judge0 writes a `run_script` to the sandbox directory. The security issue is that an attacker can create a symbolic link (symlink) at the path `run_script` before this code is executed, resulting in the `f.write` writing to an arbitrary file on the unsandboxed system. An attacker can leverage this vulnerability to overwrite scripts on the system and gain code execution outside of the sandbox. | |
| CVE-2026-39861 | Cri | 0.65 | 10.0 | 0.00 | Apr 21, 2026 | Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claude Code subsequently wrote to a path within such a symlink, its unsandboxed process followed the symlink and wrote to the target location outside the workspace without prompting the user for confirmation. This allowed a sandbox escape where neither the sandboxed command nor the unsandboxed app could independently write outside the workspace, but their combination could write to arbitrary locations, potentially leading to code execution outside the sandbox. Reliably exploiting this required the ability to add untrusted content into a Claude Code context window to trigger sandboxed code execution via prompt injection. Users on standard Claude Code auto-update have received this fix automatically. Users performing manual updates are advised to update to version 2.1.64 or later. | |
| CVE-2026-34078 | Cri | 0.65 | 10.0 | 0.00 | Apr 7, 2026 | Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to all host files and can be used as a primitive to gain code execution in the host context. This vulnerability is fixed in 1.16.4. | |
| CVE-2025-23394 | Cri | 0.64 | 9.8 | 0.01 | May 26, 2025 | A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.This issue affects openSUSE Tumbleweed cyrus-imapd before 3.8.4-2.1. | |
| CVE-2024-54661 | Cri | 0.64 | 9.8 | 0.00 | Dec 4, 2024 | readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file. | |
| CVE-2025-68937 | Cri | 0.62 | — | 0.00 | Dec 26, 2025 | Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later. | |
| CVE-2025-55345 | Hig | 0.57 | 8.8 | 0.01 | Aug 13, 2025 | Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory. | |
| CVE-2025-46810 | Hig | 0.55 | — | 0.00 | Sep 2, 2025 | A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of openSUSE Tumbleweed traefik2 allows the traefik user to escalate to root. This issue affects Tumbleweed: from ? before 2.11.29. | |
| CVE-2025-10854 | Hig | 0.53 | 8.1 | 0.00 | Sep 22, 2025 | The txtai framework allows the loading of compressed tar files as embedding indices. While the validate function is intended to prevent path traversal vulnerabilities by ensuring safe filenames, it does not account for symbolic links within the tar file. An attacker is able to write a file anywhere in the filesystem when txtai is used to load untrusted embedding indices | |
| CVE-2024-47515 | Hig | 0.53 | 8.1 | 0.00 | Dec 24, 2024 | A vulnerability was found in Pagure. Support of symbolic links during repository archiving of repositories allows the disclosure of local files. This flaw allows a malicious user to take advantage of the Pagure instance. | |
| CVE-2026-39860 | Cri | 0.52 | 9.0 | 0.00 | Apr 8, 2026 | Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix process orchestrating the builds (typically the Nix daemon running as root in multi-user installations) by following symlinks during fixed-output derivation output registration. This affects sandboxed Linux builds - sandboxed macOS builds are unaffected. The location of the temporary output used for the output copy was located inside the build chroot. A symlink, pointing to an arbitrary location in the filesystem, could be created by the derivation builder at that path. During output registration, the Nix process (running in the host mount namespace) would follow that symlink and overwrite the destination with the derivation's output contents. In multi-user installations, this allows all users able to submit builds to the Nix daemon (allowed-users - defaulting to all users) to gain root privileges by modifying sensitive files. This vulnerability is fixed in 2.34.5, 2.33.4, 2.32.7, 2.31.4, 2.30.4, 2.29.3, and 2.28.6. | |
| CVE-2025-66431 | Hig | 0.51 | 7.8 | 0.00 | Dec 3, 2025 | WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated users to execute arbitrary code as root via domain creation. The attacker needs "Create and manage sites" with "Domains management" and "Subdomains management." | |
| CVE-2025-59343 | Hig | 0.50 | — | 0.00 | Sep 24, 2025 | tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves using the ignore option on non files/directories. | |
| CVE-2025-57802 | Hig | 0.50 | — | 0.00 | Aug 25, 2025 | Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. In version 1.0.0, an attacker with access to the affected container can create symbolic links inside the mounted directory (/app/data). Because the container bind-mounts an arbitrary host path, these symlinks can point to sensitive locations on the host filesystem. When the application or other processes follow these symlinks, the attacker can gain unauthorized read access to host files outside the container. This issue has been patched in version 1.0.1. | |
| CVE-2025-24886 | Hig | 0.50 | 7.7 | 0.00 | Jan 30, 2025 | pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users (admin not required) to perform an LFI from the CTFd container. When a user clones or updates repositories, a check is performed to see if the repository had contained any symlinks. A malicious user could craft a repository with symlinks pointed to sensitive files and then retrieve them using the CTFd website. | |
| CVE-2026-35525 | Hig | 0.49 | 7.5 | 0.00 | Apr 8, 2026 | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, for {% include %}, {% render %}, and {% layout %}, LiquidJS checks whether the candidate path is inside the configured partials or layouts roots before reading it. That check is path-based, not realpath-based. Because of that, a file like partials/link.liquid passes the directory containment check as long as its pathname is under the allowed root. If link.liquid is actually a symlink to a file outside the allowed root, the filesystem follows the symlink when the file is opened and LiquidJS renders the external target. So the restriction is applied to the path string that was requested, not to the file that is actually read. This matters in environments where an attacker can place templates or otherwise influence files under a trusted template root, including uploaded themes, extracted archives, mounted content, or repository-controlled template trees. This vulnerability is fixed in 10.25.3. | |
| CVE-2026-21916 | Hig | 0.47 | 7.3 | 0.00 | Apr 9, 2026 | A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When after a user has performed a specific 'file link ...' CLI operation, another user commits (unrelated configuration changes), the first user can login as root. This issue affects Junos OS: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S2, * 25.2 versions before 25.2R2. This issue does not affect versions 25.4R1 or later. | |
| CVE-2026-22767 | Hig | 0.47 | 7.3 | 0.00 | Apr 1, 2026 | Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering. | |
| CVE-2026-7832 | Hig | 0.46 | 7.0 | 0.00 | May 5, 2026 | A security flaw has been discovered in IObit Advanced SystemCare 19. This affects an unknown part of the file ASC.exe of the component Service. The manipulation results in symlink following. Attacking locally is a requirement. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks. |