CWE-61

High likelihood

UNIX Symbolic Link (Symlink) Following

Parent: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.

106 vulnerabilities with CWE-61
CVE-2026-27976 HIGH
Zed <0.224.4 - Path Traversal
CVSS 8.8
CVE-2026-27485 MEDIUM
OpenClaw <=2026.2.17 - Info Disclosure
CVSS 4.4
CVE-2026-25724 HIGH
Claude Code <2.1.7 - Info Disclosure
CVSS 7.5
CVE-2026-1386 MEDIUM
Firecracker <1.13.2-1.14.1 - Privilege Escalation
CVSS 6.0
CVE-2026-24047 MEDIUM
Backstage <0.1.17 - Path Traversal
CVSS 6.3
CVE-2026-23986 HIGH
Copier <9.11.2 - Path Traversal
CVSS 7.1
CVE-2026-23968 MEDIUM
Copier <9.11.2 - Path Traversal
CVSS 5.5
CVE-2025-68937
Forgejo <13.0.2 - Code Injection
CVE-2025-33225 HIGH
NVIDIA Resiliency Extension - Privilege Escalation
CVSS 8.4
CVE-2025-14693 MEDIUM
Ugreen DH2100+ <5.3.0 - Symlink Following
CVSS 6.2
CVE-2025-67487 HIGH
Static-web-server Static Web Server < 2.40.0 - Symlink Following
CVSS 8.6
CVE-2025-66431 HIGH
WebPros Plesk <18.0.73.5, <18.0.74.2 - Authenticated RCE
CVSS 7.8
CVE-2025-65105 MEDIUM
Apptainer <1.4.5 - Privilege Escalation
CVSS 4.5
CVE-2025-64750 MEDIUM
SingularityCE <4.3.5 & SingularityPRO 4.1.11 & 4.3.5 - SSRF
CVSS 4.5
CVE-2025-62724 MEDIUM
Open OnDemand <4.0.8, <3.1.16 - Info Disclosure
CVSS 4.3
CVE-2025-52881 HIGH
runc <1.4.0-rc.2 - Privilege Escalation
CVSS 7.5
CVE-2025-52565 HIGH
Linuxfoundation Runc < 1.2.8 - Denial of Service
CVSS 7.5
CVE-2025-31133 HIGH
Linuxfoundation Runc < 1.2.8 - Denial of Service
CVSS 7.8
CVE-2025-62596 CRITICAL
Youki <0.5.7 - Privilege Escalation
CVSS 10.0
CVE-2025-62161 CRITICAL
Youki <0.5.7 - Container Escape
CVSS 10.0
CVE-2025-43991 MEDIUM
SupportAssist <4.8.2-4.5.3 - Info Disclosure
CVSS 6.3
CVE-2025-11489 MEDIUM
Wonderwhy-er Desktopcommandermcp < 0.2.13 - Symlink Following
CVSS 4.5
CVE-2025-59829 MEDIUM
Claude Code <1.0.120 - Privilege Escalation
CVSS 6.5
CVE-2025-53881
exim <4.98.2-lp156.248.1 - Privilege Escalation
CVE-2025-59343
NPM Tar-fs < 3.1.1 - Path Traversal