Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,463 vulnerabilities with CWE-59

CVE-2026-41882 HIGH

JetBrains IntelliJ IDEA <2024.3.7.1 - Path Traversal

CVE-2026-7397 MEDIUM

NousResearch hermes-agent file_tools.py _check_sensitive_path symlink

CVE-2026-27105 MEDIUM

Dell/Alienware Purchased Apps < 1.1.31.0 - Arbitrary File Write

CVE-2026-5161 HIGH

Improper Authentication in TUBITAK BILGEM's Pardus About

CVE-2026-41397 MEDIUM

OpenClaw < 2026.3.31 - Sandbox Escape via Unrestricted File Sync and Symlink Traversal

CVE-2026-41364 HIGH

OpenClaw < 2026.3.31 - Arbitrary File Write via Symlink Following in SSH Sandbox Tar Upload

CVE-2026-40977 MEDIUM

Spring Boot <4.0.6 - File Corruption

CVE-2026-41433 HIGH

OpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIR

CVE-2026-6941 MEDIUM

radare2 < 6.1.4 Project Notes Path Traversal via Symlink

CVE-2026-33694 HIGH

Junction File Manipulation

CVE-2026-41231 HIGH

Froxlor has Incomplete Symlink Validation in DataDump.add() that Allows Arbitrary Directory Ownership Takeover via Cron

CVE-2026-35365 MEDIUM

uutils coreutils mv Denial of Service and Data Duplication via Improper Symlink Expansion

CVE-2026-35359 MEDIUM

uutils coreutils cp Information Disclosure via Time-of-Check to Time-of-Use Symlink Swap

CVE-2026-35349 MEDIUM

uutils coreutils Path-Based Safety Bypass with --preserve-root

CVE-2026-35345 MEDIUM

uutils coreutils tail Privileged Information Disclosure via Symlink Replacement Race

CVE-2026-40931 HIGH

Complete Bypass of CVE-2026-24884 Patch via Git-Delivered Symlink Poisoning in compressing

CVE-2026-28684 MEDIUM

python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback

CVE-2026-34242 HIGH

Weblate: Arbitrary File Read via Symlink

CVE-2026-20161 MEDIUM

Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability

CVE-2026-4135 MEDIUM

Lenovo Software Fix < 7.5.5.19 - Arbitrary File Write

CVE-2026-0827 HIGH

Lenovo Diagnostics < 5.26.0 - Arbitrary File Write

CVE-2026-32212 MEDIUM

Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability

CVE-2026-35400 LOW

LORIS incorrectly trusts user input in publication module

CVE-2026-32282 MEDIUM

TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix

CVE-2026-27456 MEDIUM

util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup

Page 1 of 59 Next

Details

Vulnerabilities 1,463

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy