CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,518 vulnerabilities with CWE-59
CVE-2026-54230 HIGH
Abrt: event handler scripts follow symlinks when writing output files, allowing arbitrary file overwrites
CVSS 7.0
CVE-2026-54056 HIGH
Kitty has an arbitrary file overwrite via symlink following in `kitten dnd` remote drop staging
CVSS 7.6
CVE-2026-54055 MEDIUM
Kitty has an Arbitrary File Write via Symlink Race Condition in File Transmission Protocol
CVSS 5.0
CVE-2026-45384 MEDIUM
bit7z: Arbitrary File Overwrite via Symlink Attack on Predictable Temp File During Archive Update
CVSS 6.1
CVE-2026-53476 CRITICAL
Assisted-migration-agent: vddk tarball chained-symlink arbitrary file write
CVSS 9.6
CVE-2026-11853 MEDIUM
Debusine >=0.12.0 <0.14.9 - Arbitrary Symbolic Link Creation via Mergeuploads Task
CVSS 6.5
CVE-2026-11837 HIGH
Ansible-collection-ansible-posix: ansible.posix authorized_key: local privilege escalation via symlink-following chown
CVSS 7.3
CVE-2026-50511 HIGH
Microsoft PC Manager Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2026-44275 MEDIUM
Dell/Alienware Purchased Apps < 1.1.32.0 - Improper Link Resolution Before File Access ('Link Following')
CVSS 6.3
CVE-2026-45586 HIGH
Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2026-45491 MEDIUM
Microsoft .NET 10.0 - .NET Tampering Vulnerability
CVSS 6.2
CVE-2026-42989 HIGH
Microsoft Windows 10 Version 1607 - Winlogon Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2026-28262 MEDIUM
Dell iDRAC Tools < 11.4.1.0 or later - Improper Link Resolution Before File Access ('Link Following')
CVSS 6.0
CVE-2026-11322 MEDIUM
Hermes WebUI before 0.51.221 Path Traversal via Symlink Workspace Bypass
CVSS 6.5
CVE-2026-41236 HIGH
Froxlor has privilege escalation in SSH key synchronization via symlinked `authorized_keys` path
CVSS 8.8
CVE-2026-42795 MEDIUM
Symlink Following in Hex Package Export Allows Embedding Files Outside Project Root
CVE-2026-49135 HIGH
CodexBar < 0.32.0 - Insecure Temporary File Handling in Notarization Workflow
CVSS 7.1
CVE-2026-40861 MEDIUM
Apache Airflow: Arbitrary File Read via Log Symlink following in FileTaskHandler
CVSS 6.5
CVE-2026-6892 MEDIUM
Canon Pixus iX6800 Series CUPS Printer Driver For macOS - Improper Link Resolution Before File Access ('Link Following')
CVSS 5.0
CVE-2026-6891 MEDIUM
Canon Inc. MY Image Garden For macOS - Improper Link Resolution Before File Access ('Link Following')
CVSS 5.0
CVE-2026-45403 LOW
AnythingLLM: filesystem-copy-file follows nested symlinks and copies files from outside the allowed directory
CVSS 2.0
CVE-2026-44881 CRITICAL
Portainer: Arbitrary File Read via Git Symlink Injection in Stack Auto-Update
CVSS 9.9
CVE-2026-9804 HIGH
Kubevirt: vmexport directory symlink escape enables exporter pod file read
CVSS 7.7
CVE-2026-44711 HIGH
pam_usb: Symlink attacks on pad directory and pad files enable authentication bypass and root file corruption
CVSS 7.9
CVE-2026-48921 HIGH
Jenkins Pipeline: Groovy Libraries Plugin < 797.v90ea_a_9b_e45a_0 - Arbitrary File Read
CVSS 7.5