Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,463 vulnerabilities with CWE-59

CVE-2026-34604 HIGH

@tinacms/graphql's `FilesystemBridge` Path Validation Can Be Bypassed via Symlinks or Junctions

CVE-2026-34603 HIGH

@tinacms/graphql's Media Endpoints Can Escape the Media Root via Symlinks or Junctions

CVE-2026-34452 MEDIUM

Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape

CVE-2026-33748 HIGH

BuildKit Git URL subdir component can cause access to restricted files

CVE-2026-28866 MEDIUM

Apple Ios And Ipados < 18.7.7 - Denial of Service

CVE-2026-20694 MEDIUM

Apple Ios And Ipados < 26.3 - Denial of Service

CVE-2026-20633 MEDIUM

macOS <14.8.5 - Info Disclosure

CVE-2026-32054 MEDIUM

OpenClaw < 2026.2.25 - Symlink Traversal in Browser Trace/Download Path Handling

CVE-2026-32024 MEDIUM

OpenClaw < 2026.2.22 - Symlink Traversal in Avatar Handling

CVE-2026-32020 LOW

OpenClaw < 2026.2.22 - Arbitrary File Read via Symlink Following in Static File Handler

CVE-2026-32013 HIGH

OpenClaw < 2026.2.25 - Symlink Traversal in agents.files Methods

CVE-2026-31990 MEDIUM

OpenClaw < 2026.3.2 - Symlink Traversal in stageSandboxMedia Destination

CVE-2026-33001 HIGH

Jenkins <=2.541.2 - Path Traversal

CVE-2026-22180 MEDIUM

OpenClaw < 2026.3.2 - Path Confinement Bypass in Browser Output and File Write Operations

CVE-2026-2808 MEDIUM

HashiCorp Consul 1.18.20-1.21.10/1.22.4 - Info Disclosure

CVE-2026-31979 HIGH

Himmelblau <3.1.0/2.3.8 - Privilege Escalation

CVE-2026-31894 HIGH

WeGIA 3.6.5 - Path Traversal

CVE-2026-25187 HIGH

Winlogon - Privilege Escalation

CVE-2026-28689 MEDIUM

ImageMagick <7.1.2-16/6.9.13-41 - Auth Bypass

CVE-2026-29786 MEDIUM

node-tar <7.5.10 - Path Traversal

CVE-2026-27748 HIGH

Avira Internet Security - Privilege Escalation

CVE-2026-27905 HIGH

BentoML <1.4.36 - Path Traversal

CVE-2026-25906 HIGH

Dell Optimizer <6.3.1 - Privilege Escalation

CVE-2026-27967 HIGH

Zed <0.225.9 - Path Traversal

CVE-2026-2490 MEDIUM

RustDesk Client for Windows - Info Disclosure

Previous Page 2 of 59 Next

Details

Vulnerabilities 1,463

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy