Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,518 vulnerabilities with CWE-59

CVE-2026-48693 MEDIUM

FastNetMon Community Edition <= 1.2.9 - Local Symlink Attack via Predictable /tmp File Path

CVE-2026-7374 CRITICAL

Kubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink following vulnerability

CVE-2026-42497 HIGH

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory

CVE-2026-42496 CRITICAL

Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory

CVE-2026-40610 MEDIUM

BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context

CVE-2026-44051 HIGH

Netatalk 3.0.2-4.4.2 - Authenticated Arbitrary File Read and Write via Symlink

CVE-2026-42834 HIGH

Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability

CVE-2026-41091 HIGH KEV

Microsoft Defender Elevation of Privilege Vulnerability

CVE-2026-43619 MEDIUM

Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls

CVE-2026-34883 MEDIUM

Portrait Dell Color Management < 3.7.0 - Privilege Escalation via Symbolic Link Attack

CVE-2026-8784 MEDIUM

npitre cramfs-tools cramfsck.c change_file_status symlink

CVE-2026-45539 HIGH

Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agents/` are dereferenced during `apm install`, copying host-local file contents into the project tree

CVE-2026-44471 HIGH

gitoxide: Symlink prefix-reuse allows worktree escape during checkout

CVE-2026-43998 HIGH

vm2: NodeVM require.root bypass via symlink traversal allows sandbox escape

CVE-2026-44470 HIGH

Claude Desktop: Local Privilege Escalation via Directory Junction in CoworkVMService

CVE-2026-8052 MEDIUM

Nomad's exec2 task driver vulnerable to arbitrary file read/write on client host through symlink attack

CVE-2026-6959 MEDIUM

Nomad vulnerable to arbitrary file read/write on client host through symlink attack

CVE-2026-44220 LOW

ciguard: discover_pipeline_files follows symlinks out of scan root

CVE-2026-41610 MEDIUM

Visual Studio Code Security Feature Bypass Vulnerability

CVE-2026-43989 HIGH

JunoClaw: upload_wasm accepted arbitrary filesystem paths without validation

CVE-2026-5061 MEDIUM

Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack

CVE-2026-42574 HIGH

apko 0.14.8-1.2.4 dirFS - Symlink Path Traversal

CVE-2026-44340 HIGH

PraisonAI: Symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir`

CVE-2026-39819 MEDIUM

Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go

CVE-2026-7832 HIGH

IObit Advanced SystemCare Service ASC.exe symlink

Previous Page 2 of 61 Next

Details

Vulnerabilities 1,518

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy