CWE-59— Improper Link Resolution Before File Access (Link Following)
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.— MITRE CWE catalog
1,471 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-59page 27 of 30
- CVE-2025-62363HIGHCVSS 7.8EG 7.82025-10-13
yt-grabber-tui is a terminal user interface application for downloading videos. In versions before 1.0-rc, the application allows users to configure the path to the yt-dlp executable via the path_to_yt_dlp configuration setting. An attacke…
- CVE-2025-62364MEDIUMCVSS 6.2EG 6.22025-10-13
text-generation-webui is an open-source web interface for running Large Language Models. In versions through 3.13, a Local File Inclusion vulnerability exists in the character picture upload feature. An attacker can upload a text file cont…
- CVE-2025-62676HIGHCVSS 7.1EG 7.12026-02-10
An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.4, FortiClientWindows 7.2.0 through 7.2.12, FortiClientWindows 7.0 all versions may all…
- CVE-2025-64437MEDIUMCVSS 5.0EG 5.02025-11-07
KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to…
- CVE-2025-65843HIGHCVSS 7.7EG 7.72025-12-03
Aquarius Desktop 3.0.069 for macOS contains an insecure file handling vulnerability in its support data archive generation feature. The application follows symbolic links placed inside the ~/Library/Logs/Aquarius directory and treats them …
- CVE-2025-66277CRITICALCVSS 9.8EG 9.82026-02-11
A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations. We have already fixed the vuln…
- CVE-2025-66626HIGHCVSS 7.5EG 8.12025-12-09
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions 3.6.13 and below and versions 3.7.0 through 3.7.4, contain unsafe untar code that handles symbolic links in archives.…
- CVE-2025-67124MEDIUMCVSS 6.8EG 6.82026-01-23
A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization (when uploads are enabled) can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can creat…
- CVE-2025-67487HIGHCVSS 8.6EG 8.62025-12-09
Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links (symlinks) which can be used to access files or directories outside the intended web root fo…
- CVE-2025-68146MEDIUMCVSS 6.3EG 6.32025-12-16
filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulne…
- CVE-2025-68279HIGHCVSS 7.7EG 7.72025-12-18
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Version 5.15.1 fixes the issue.
- CVE-2025-69429MEDIUMCVSS 6.1EG 7.52026-02-03
The ORICO NAS CD3510 (version V1.9.12 and below) contains an Incorrect Symlink Follow vulnerability that could be exploited by attackers to leak or tamper with the internal file system. Attackers can format a USB drive to ext4, create a sy…
- CVE-2025-69430MEDIUMCVSS 6.1EG 9.82026-02-03
An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS devices, including DM2 (version equal to or prior to V1.9.12), DM3 (version equal to or prior to V1.9.12), and DM200 (version equal to or prior to V1.2.23) that c…
- CVE-2025-69431MEDIUMCVSS 6.1EG 9.82026-02-03
The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, and then access …
- CVE-2025-7012HIGHCVSS 8.6EG 8.62025-07-13
An issue in Cato Networks' CatoClient for Linux, before version 5.5, allows a local attacker to escalate privileges to root by exploiting improper symbolic link handling.
- CVE-2025-7073HIGHCVSS 7.8EG 7.82025-12-10
A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable dir…
- CVE-2025-71212HIGHCVSS 7.8EG 7.82026-05-21
A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code …
- CVE-2025-8612HIGHCVSS 7.3EG 7.32025-08-20
AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AOMEI Backupper Workstation. An attacker must first obtain t…
- CVE-2025-8959HIGHCVSS 7.5EG 7.52025-08-15
HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-ge…
- CVE-2025-9869HIGHCVSS 7.8EG 7.82025-10-29
Razer Synapse 3 Macro Module Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability …
- CVE-2025-9870HIGHCVSS 7.8EG 7.82025-10-29
Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain …
- CVE-2025-9871HIGHCVSS 7.8EG 7.82025-10-29
Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the abilit…
- CVE-2025-9968HIGHCVSS 8.5EG 8.52025-10-13
A link following vulnerability exists in the UnifyScanner component of Armoury Crate. This vulnerability may be triggered by creating a specially crafted junction, potentially leading to local privilege escalation. For more information, pl…
- CVE-2026-0827HIGHCVSS 7.1EG 7.12026-04-15
During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticate…
- CVE-2026-11322MEDIUMCVSS 6.5EG 6.52026-06-04
Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can …
- CVE-2026-11837HIGHCVSS 7.3EG 7.32026-06-10
A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module's keyfile() function uses os.chown() instead of os.lchown() and opens files without O_NOFOLLOW when managing SSH authorized keys. A…
- CVE-2026-11853MEDIUMCVSS 6.5EG 6.52026-06-10
Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages (.dsc) and upload artifacts (.changes) are manifest files that name the files that make up the artifact. The parser us…
- CVE-2026-11940HIGHCVSS 7.8EG 7.82026-06-23
tarfile.extractall() with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's …
- CVE-2026-12567LOWCVSS 2.2EG 2.22026-06-17
The github_workflows module constructs local directory paths from user-controlled repository names without validating for symlinks. A local attacker sharing the scan directory can plant a symlink at the predictable output path, causing wor…
- CVE-2026-14361MEDIUMCVSS 4.7EG 4.72026-07-08
The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. Th…
- CVE-2026-14699LOWCVSS 3.3EG 3.32026-07-05
A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be e…
- CVE-2026-14891HIGHCVSS 8.7EG 8.72026-07-08
HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to r…
- CVE-2026-14904MEDIUMCVSS 6.5EG 6.52026-07-07
AWS Research and Engineering Studio (RES) is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue (…
- CVE-2026-14966LOWCVSS 3.1EG 3.12026-07-08
BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a DOS-attribute prefix before the unix mode, as produced by legacy versio…
- CVE-2026-20161MEDIUMCVSS 5.5EG 5.52026-04-15
A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to impr…
- CVE-2026-20610HIGHCVSS 7.8EG 7.82026-02-11
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges.
- CVE-2026-20941HIGHCVSS 7.8EG 7.82026-01-13
Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.
- CVE-2026-21419MEDIUMCVSS 6.6EG 6.62026-02-09
Dell Display and Peripheral Manager (Windows) versions prior to 2.2 contain an Improper Link Resolution Before File Access ('Link Following') vulnerability in the Installer and Service. A low privileged attacker with local access could pot…
- CVE-2026-21517MEDIUMCVSS 4.7EG 7.02026-02-10
Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to elevate privileges locally.
- CVE-2026-22180MEDIUMCVSS 5.3EG 5.32026-03-18
OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in f…
- CVE-2026-22701MEDIUMCVSS 5.3EG 5.32026-01-10
filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permiss…
- CVE-2026-22702MEDIUMCVSS 4.5EG 4.52026-01-10
virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation…
- CVE-2026-23563MEDIUMCVSS 5.7EG 5.72026-01-29
Improper Link Resolution Before File Access (invoked by 1E‑Explorer‑TachyonCore‑DeleteFileByPath instruction) in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low‑privileged local attacker to delete protected s…
- CVE-2026-23879HIGHCVSS 8.0EG 8.02026-06-19
py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreat…
- CVE-2026-23893MEDIUMCVSS 6.8EG 6.82026-01-22
openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesy…
- CVE-2026-24046HIGHCVSS 7.1EG 7.12026-01-21
Backstage is an open framework for building developer portals. Multiple Scaffolder actions and archive extraction utilities were vulnerable to symlink-based path traversal attacks. An attacker with access to create and execute Scaffolder t…
- CVE-2026-24047MEDIUMCVSS 6.3EG 6.32026-01-21
Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the `resolveSafeChildPath`…
- CVE-2026-24056MEDIUMCVSS 6.5EG 6.52026-01-26
pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a `file:` (directory) or `git:` dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package cont…
- CVE-2026-24842HIGHCVSS 8.2EG 8.22026-01-28
node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacke…
- CVE-2026-24884HIGHCVSS 8.4EG 8.42026-02-04
Compressing is a compressing and uncompressing lib for node. In version 2.0.0 and 1.10.3 and prior, Compressing extracts TAR archives while restoring symbolic links without validating their targets. By embedding symlinks that resolve outsi…
Map vulnerabilities like CWE-59 to your infrastructure
EchelonGraph correlates every CVE — across CWE-59 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →