Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-61

CWE-61

High likelihood

UNIX Symbolic Link (Symlink) Following

Parent: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.

138 vulnerabilities with CWE-61

CVE-2026-27489 HIGH

ONNX: Path Traversal via Symlink

CVE-2026-22767 HIGH

Dell AppSync 4.6.0 - Symlink Following

CVE-2026-33711 HIGH

Incus vulnerable to local privilege escalation through VM screenshot path

CVE-2026-20694 MEDIUM

iOS and iPadOS < 26.3 - Unauthorized Data Access via Symlink Handling

CVE-2026-33056 MEDIUM

tar-rs: unpack_in can chmod arbitrary directories by following symlinks

CVE-2026-24018 HIGH

FortiClientLinux 7.2.2-7.4.4 - Privilege Escalation

CVE-2026-27976 HIGH

zed < 0.224.4 - Arbitrary File Write via Symlink in Extension Tar Extraction

CVE-2026-27485 MEDIUM

OpenClaw <=2026.2.17 - Info Disclosure

CVE-2026-25724 HIGH

Claude Code <2.1.7 - Info Disclosure

CVE-2026-1386 MEDIUM

Firecracker <1.13.2-1.14.1 - Privilege Escalation

CVE-2026-24047 MEDIUM

@backstage/cli-common < 0.1.17 - Path Traversal via Symlink Chain Bypass

CVE-2026-23986 HIGH

copier < 9.11.2 - Arbitrary File Write via Symlink Following with _preserve_symlinks

CVE-2026-23968 MEDIUM

copier < 9.11.2 - Arbitrary File Access via Symlink Following

CVE-2025-43278 MEDIUM

macOS < 15.4 - Unprotected User Data Exposure via Symlink Handling

CVE-2025-68937 CRITICAL

Forgejo 11.0.0-11.0.6 and 12.0.0-13.0.1 - Arbitrary File Write via Template Repository Symlink Handling

CVE-2025-33225 HIGH

NVIDIA Resiliency Extension - Privilege Escalation

CVE-2025-14693 MEDIUM

Ugreen DH2100+ <5.3.0 - Symlink Following

CVE-2025-67487 HIGH

static-web-server < 2.40.1 - Symbolic Link Following

CVE-2025-66431 HIGH

WebPros Plesk <18.0.73.5, <18.0.74.2 - Authenticated RCE

CVE-2025-65105 MEDIUM

Apptainer <1.4.5 - Privilege Escalation

CVE-2025-64750 MEDIUM

SingularityCE and SingularityPRO - LSM Label Redirect Restriction Bypass

CVE-2025-62724 MEDIUM

Open OnDemand <4.0.8, <3.1.16 - Info Disclosure

CVE-2025-52881 HIGH

runc <1.4.0-rc.2 - Privilege Escalation

CVE-2025-52565 HIGH

runc 1.0.0-rc3-1.2.7 1.3.0-rc.1-1.3.2 1.4.0-rc.1-1.4.0-rc.2 - Symbolic Link Following via Bind-Mount

CVE-2025-31133 HIGH

runc < 1.2.8, 1.3.0-rc.1-1.3.1, 1.4.0-rc.1-1.4.0-rc.2 - Arbitrary Mount Gadget via Insufficient Bind-Mount Verification

Previous Page 2 of 6 Next

Details

Vulnerabilities 138

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy