VYPR

CWE-61

UNIX Symbolic Link (Symlink) Following

CompoundIncompleteLikelihood: High

Description

The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.

A product that allows UNIX symbolic links (symlink) as part of paths whether in internal code or through user input can allow an attacker to spoof the symbolic link and traverse the file system to unintended locations or access arbitrary files. The symbolic link can permit an attacker to read/write/corrupt a file that they originally did not have permissions to access.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-27

CVEs mapped to this weakness (97)

page 2 of 5
  • CVE-2025-59343HigSep 24, 2025
    risk 0.50cvss epss 0.01

    tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A…

  • CVE-2025-57802HigAug 25, 2025
    risk 0.50cvss epss 0.00

    Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. In version 1.0.0, an attacker with access to the affected container can create symbolic links inside the mounted directory (/app/data). Because the container…

  • CVE-2025-24886HigJan 30, 2025
    risk 0.50cvss 7.7epss 0.00

    pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users (admin not required) to perform an LFI from the CTFd container. When a user clones or updates…

  • CVE-2026-42306HigJun 12, 2026
    risk 0.47cvss 7.2epss 0.00

    Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount…

  • CVE-2026-21916HigApr 9, 2026
    risk 0.47cvss 7.3epss 0.00

    A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When after a user has performed…

  • CVE-2026-22767HigApr 1, 2026
    risk 0.47cvss 7.3epss 0.00

    Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

  • CVE-2026-7819HigMay 11, 2026
    risk 0.46cvss 8.1epss 0.00

    Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check_access_permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link…

  • CVE-2026-7832HigMay 5, 2026
    risk 0.46cvss 7.0epss 0.00

    A security flaw has been discovered in IObit Advanced SystemCare 19. This affects an unknown part of the file ASC.exe of the component Service. The manipulation results in symlink following. Attacking locally is a requirement. This attack is characterized by high complexity. It…

  • CVE-2026-41364HigApr 28, 2026
    risk 0.46cvss 8.1epss 0.01

    OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write arbitrary files. Attackers can exploit this by uploading tar archives containing symlinks to escape the sandbox and overwrite files on the remote…

  • CVE-2026-41326HigApr 24, 2026
    risk 0.46cvss 8.2epss 0.00

    Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. From v3.4.0 to v3.28.0, an oversight in the CopyFile policy (and perhaps the CopyFile handler) allows untrusted hosts to write to…

  • CVE-2025-9566HigSep 5, 2025
    risk 0.46cvss 8.1epss 0.01

    There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can…

  • CVE-2024-1933HigMar 26, 2024
    risk 0.46cvss 7.1epss 0.00

    Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior Version 15.52 for macOS allows an attacker with unprivileged access, to potentially elevate privileges or conduct a denial-of-service-attack by overwriting the symlink.

  • CVE-2025-53881MedOct 2, 2025
    risk 0.45cvss epss 0.00

    A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root.This issue affects Tumbleweed: from ? before 4.98.2-lp156.248.1.

  • CVE-2026-35525HigApr 8, 2026
    risk 0.42cvss 7.5epss 0.00

    LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, for {% include %}, {% render %}, and {% layout %}, LiquidJS checks whether the candidate path is inside the configured partials or layouts roots before reading it. That check is…

  • CVE-2026-27489HigApr 1, 2026
    risk 0.42cvss 7.5epss 0.01

    Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows to read arbitrary files outside model or user-provided directory. This issue has been patched in version…

  • CVE-2026-41568MedJun 12, 2026
    risk 0.40cvss 6.1epss 0.00

    Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or…

  • CVE-2026-41937HigMay 14, 2026
    risk 0.40cvss 7.2epss 0.00

    Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows super_admin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header…

  • CVE-2025-14693MedDec 15, 2025
    risk 0.40cvss 6.2epss 0.00

    A vulnerability has been found in Ugreen DH2100+ up to 5.3.0. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following. The attack can be executed directly on the physical device. The exploit has been disclosed to the public and…

  • CVE-2025-30485MedApr 3, 2025
    risk 0.40cvss 6.2epss 0.00

    UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal…

  • CVE-2025-29787HigMar 17, 2025
    risk 0.40cvss epss 0.01

    `zip` is a zip library for rust which supports reading and writing of simple ZIP files. In the archive extraction routine of affected versions of the `zip` crate starting with version 1.3.0 and prior to version 2.3.0, symbolic links earlier in the archive are allowed to be used…