Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,518 vulnerabilities with CWE-59

CVE-2026-34604 HIGH

@tinacms/graphql's `FilesystemBridge` Path Validation Can Be Bypassed via Symlinks or Junctions

CVE-2026-34603 HIGH

@tinacms/graphql's Media Endpoints Can Escape the Media Root via Symlinks or Junctions

CVE-2026-34452 MEDIUM

Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape

CVE-2026-33748 HIGH

BuildKit Git URL subdir component can cause access to restricted files

CVE-2026-28866 MEDIUM

iOS and iPadOS < 18.7.7 - Unauthenticated Sensitive Data Exposure via Symlink Validation Bypass

CVE-2026-20694 MEDIUM

iOS and iPadOS < 26.3 - Unauthorized Data Access via Symlink Handling

CVE-2026-20633 MEDIUM

macOS < 14.8.5, < 15.7.5, < 26.4 - Unprotected User Data Exposure via Symlink Handling

CVE-2026-32054 MEDIUM

OpenClaw < 2026.2.25 - Symlink Traversal in Browser Trace/Download Path Handling

CVE-2026-32024 MEDIUM

OpenClaw < 2026.2.22 - Symlink Traversal in Avatar Handling

CVE-2026-32020 LOW

OpenClaw < 2026.2.22 - Arbitrary File Read via Symlink Following in Static File Handler

CVE-2026-32013 HIGH

OpenClaw < 2026.2.25 - Symlink Traversal in agents.files Methods

CVE-2026-31990 MEDIUM

OpenClaw < 2026.3.2 - Symlink Traversal in stageSandboxMedia Destination

CVE-2026-33001 HIGH

Jenkins < 2.555 and LTS < 2.541.3 - Arbitrary File Write via Symbolic Link Handling in Archive Extraction

CVE-2026-22180 MEDIUM

OpenClaw < 2026.3.2 - Path Confinement Bypass in Browser Output and File Write Operations

CVE-2026-2808 MEDIUM

HashiCorp Consul 1.18.20-1.21.10/1.22.4 - Info Disclosure

CVE-2026-31979 HIGH

Himmelblau <3.1.0/2.3.8 - Privilege Escalation

CVE-2026-31894 HIGH

WeGIA 3.6.5 - Arbitrary File Read via Unvalidated Symbolic Links in Backup Archive

CVE-2026-25187 HIGH

Windows 10 1607-22H2 and Windows 11 23H2-24H2 - Privilege Escalation via Winlogon Link Resolution

CVE-2026-28689 MEDIUM

ImageMagick <7.1.2-16/6.9.13-41 - Auth Bypass

CVE-2026-29786 MEDIUM

tar < 7.5.10 - Path Traversal via Drive-Relative Hardlink

CVE-2026-27748 HIGH

Avira Internet Security - Privilege Escalation

CVE-2026-27905 HIGH

BentoML < 1.4.36 - Arbitrary File Write via Symlink Target Bypass

CVE-2026-25906 HIGH

Dell Optimizer <6.3.1 - Privilege Escalation

CVE-2026-27967 HIGH

Zed < 0.225.9 - Symlink Escape and Arbitrary File Access via Agent File Tools

CVE-2026-2490 MEDIUM

RustDesk Client for Windows - Info Disclosure

Previous Page 4 of 61 Next

Details

Vulnerabilities 1,518

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy