CWE-59— Improper Link Resolution Before File Access (Link Following)
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.— MITRE CWE catalog
1,471 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-59page 30 of 30
- CVE-2026-55607HIGHCVSS 8.8EG 8.82026-06-29
Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks…
- CVE-2026-55667HIGHCVSS 8.2EG 8.22026-06-25
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.16, a scoped, non-admin File Browser user holding only the Create permission can delete …
- CVE-2026-55668MEDIUMCVSS 6.3EG 6.32026-07-08
File Browser provides a web file managing interface. Prior to 2.63.16, ScopedFs validates the nearest existing ancestor of a dangling symlink as in scope and then follows the symlink during file creation, allowing an authenticated user wit…
- CVE-2026-56236MEDIUMCVSS 6.1EG 6.12026-06-21
Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary f…
- CVE-2026-56692MEDIUMCVSS 5.5EG 5.52026-06-23
NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName be…
- CVE-2026-57571CRITICALCVSS 9.6EG 9.62026-07-06
Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, when the crawler saves a downloaded file, the destination filename was taken from attacker-influenced input and joined to the downloads directory with no conf…
- CVE-2026-57991HIGHCVSS 7.4EG 7.42026-07-03
Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
- CVE-2026-58198MEDIUMCVSS 5.5EG 5.52026-07-09
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract() uses a predictable home-rooted output directory (~/ubuntu_data/ubuntu_dialogs) with a check-then-create p…
- CVE-2026-58203MEDIUMCVSS 5.3EG 5.32026-07-06
pydantic-settings provides settings management using Pydantic. From 2.12.0 until 2.14.2, NestedSecretsSettingsSource reads secret values from files in a configured secrets_dir. When secrets_nested_subdir=True, a directory entry inside secr…
- CVE-2026-58403MEDIUMCVSS 6.5EG 6.52026-07-06
Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the mount tree, but a regression caused RootMappingFs.statRoot to call Stat, which foll…
- CVE-2026-61858LOWCVSS 3.3EG 3.32026-07-11
ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions throu…
- CVE-2026-6891MEDIUMCVSS 5.0EG 5.02026-05-28
Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissi…
- CVE-2026-6892MEDIUMCVSS 5.0EG 5.02026-05-29
Improper handling of symbolic links in the installer of CUPS Printer Driver for macOS(*) may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of directories…
- CVE-2026-6941MEDIUMCVSS 6.6EG 6.62026-04-23
radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked…
- CVE-2026-6959MEDIUMCVSS 6.0EG 6.02026-05-12
HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026-6959) is fixed in Nomad 2.0.1, 1.11.5 a…
- CVE-2026-7374CRITICALCVSS 9.9EG 9.92026-05-26
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console …
- CVE-2026-7397MEDIUMCVSS 4.4EG 4.42026-04-29
A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This affects the function _check_sensitive_path of the file tools/file_tools.py. The manipulation results in symlink following. Attacking locally is a requirement. The…
- CVE-2026-7832HIGHCVSS 7.0EG 7.02026-05-05
A security flaw has been discovered in IObit Advanced SystemCare 19. This affects an unknown part of the file ASC.exe of the component Service. The manipulation results in symlink following. Attacking locally is a requirement. This attack …
- CVE-2026-8052MEDIUMCVSS 6.0EG 6.02026-05-12
HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026-8052) is fixed in version 0.1.2 of the …
- CVE-2026-8784MEDIUMCVSS 4.2EG 4.22026-05-18
A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in symlink following. The attack requires a local approach. The exploit is…
- CVE-2026-9804HIGHCVSS 7.7EG 7.72026-05-28
A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link (symlink) within an expo…
Map vulnerabilities like CWE-59 to your infrastructure
EchelonGraph correlates every CVE — across CWE-59 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →