CWE-59
AllowedImproper Link Resolution Before File Access ('Link Following')
Abstraction: Base · Status: Draft
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
1990 vulnerabilities reference this CWE, most recent first.
GHSA-HRWV-7VP5-R8PF
Vulnerability from github – Published: 2022-05-24 17:23 – Updated: 2022-05-24 17:23A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the filesystem and then accessing it through the web-based management interface. A successful exploit could allow the attacker to read arbitrary files from the filesystem of the underlying operating system.
{
"affected": [],
"aliases": [
"CVE-2020-3437"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-07-16T18:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the filesystem and then accessing it through the web-based management interface. A successful exploit could allow the attacker to read arbitrary files from the filesystem of the underlying operating system.",
"id": "GHSA-hrwv-7vp5-r8pf",
"modified": "2022-05-24T17:23:48Z",
"published": "2022-05-24T17:23:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3437"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanwebid-5QWMcCvt"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/162958/Cisco-SD-WAN-vManage-19.2.2-Remote-Root.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-HV99-MXM5-Q397
Vulnerability from github – Published: 2026-04-16 20:43 – Updated: 2026-04-16 20:43Impact
The ZIP download feature didn't verify downloaded file and it could follow symlinks outside the repository.
Patches
- https://github.com/WeblateOrg/weblate/pull/18683
References
Thanks to @DavidCarliez for reporting this vulnerability via GitHub.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "weblate"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.17"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-34242"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-22",
"CWE-59"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-16T20:43:11Z",
"nvd_published_at": "2026-04-15T19:16:35Z",
"severity": "HIGH"
},
"details": "### Impact\n\nThe ZIP download feature didn\u0027t verify downloaded file and it could follow symlinks outside the repository.\n\n### Patches\n\n* https://github.com/WeblateOrg/weblate/pull/18683\n\n### References\n\nThanks to @DavidCarliez for reporting this vulnerability via GitHub.",
"id": "GHSA-hv99-mxm5-q397",
"modified": "2026-04-16T20:43:11Z",
"published": "2026-04-16T20:43:11Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-hv99-mxm5-q397"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34242"
},
{
"type": "WEB",
"url": "https://github.com/WeblateOrg/weblate/commit/5db3a2a2e047ecaab627a8731cd744a30b2f51d3"
},
{
"type": "PACKAGE",
"url": "https://github.com/WeblateOrg/weblate"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Weblate: Arbitrary File Read via Symlink"
}
GHSA-HVH5-4JWJ-5RCF
Vulnerability from github – Published: 2022-04-10 00:00 – Updated: 2022-04-15 00:00A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an attacker must at least have low-level privileges on the system to attempt to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-27883"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-09T00:15:00Z",
"severity": "HIGH"
},
"details": "A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an attacker must at least have low-level privileges on the system to attempt to exploit this vulnerability.",
"id": "GHSA-hvh5-4jwj-5rcf",
"modified": "2022-04-15T00:00:54Z",
"published": "2022-04-10T00:00:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27883"
},
{
"type": "WEB",
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-10978"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-546"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HVPC-22M7-JG3M
Vulnerability from github – Published: 2022-05-02 06:12 – Updated: 2022-05-02 06:12Chip Salzenberg Deliver allows local users to cause a denial of service, obtain sensitive information, and possibly change the ownership of arbitrary files via a symlink attack on an unspecified file.
{
"affected": [],
"aliases": [
"CVE-2010-0439"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-03-26T18:30:00Z",
"severity": "MODERATE"
},
"details": "Chip Salzenberg Deliver allows local users to cause a denial of service, obtain sensitive information, and possibly change the ownership of arbitrary files via a symlink attack on an unspecified file.",
"id": "GHSA-hvpc-22m7-jg3m",
"modified": "2022-05-02T06:12:43Z",
"published": "2022-05-02T06:12:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0439"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/510306/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/38924"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-HVR9-WR9P-GRGR
Vulnerability from github – Published: 2022-05-14 01:04 – Updated: 2024-09-24 20:47Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "mercurial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-1000115"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": true,
"github_reviewed_at": "2024-05-01T17:00:31Z",
"nvd_published_at": "2017-10-05T01:29:00Z",
"severity": "HIGH"
},
"details": "Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository",
"id": "GHSA-hvr9-wr9p-grgr",
"modified": "2024-09-24T20:47:20Z",
"published": "2022-05-14T01:04:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000115"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2489"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-88.yaml"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201709-18"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200227155758/http://www.securityfocus.com/bid/100290"
},
{
"type": "WEB",
"url": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3963"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Mercurial missing symlink check"
}
GHSA-HW2R-7JP6-9R7M
Vulnerability from github – Published: 2022-05-24 17:06 – Updated: 2023-02-02 21:34daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.
{
"affected": [],
"aliases": [
"CVE-2015-3147"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-14T18:15:00Z",
"severity": "MODERATE"
},
"details": "daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.",
"id": "GHSA-hw2r-7jp6-9r7m",
"modified": "2023-02-02T21:34:00Z",
"published": "2022-05-24T17:06:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3147"
},
{
"type": "WEB",
"url": "https://github.com/abrt/abrt/pull/955"
},
{
"type": "WEB",
"url": "https://github.com/abrt/abrt/commit/3746b7627218438ae7d781fc8b18a221454e9091"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2015:1083"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2015:1210"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2015-3147"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212953"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1083.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/04/17/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HWC8-4222-XW22
Vulnerability from github – Published: 2022-05-02 03:26 – Updated: 2022-05-02 03:26JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action.
{
"affected": [],
"aliases": [
"CVE-2009-1526"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-05-05T20:30:00Z",
"severity": "MODERATE"
},
"details": "JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action.",
"id": "GHSA-hwc8-4222-xw22",
"modified": "2022-05-02T03:26:05Z",
"published": "2022-05-02T03:26:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1526"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0228.html"
},
{
"type": "WEB",
"url": "http://osvdb.org/54014"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/34861"
},
{
"type": "WEB",
"url": "http://www.directadmin.com/features.php?id=968"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-HWHH-H7C7-WQ3J
Vulnerability from github – Published: 2022-05-17 02:18 – Updated: 2022-05-17 02:18maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
{
"affected": [],
"aliases": [
"CVE-2008-4908"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-11-04T00:57:00Z",
"severity": "LOW"
},
"details": "maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.",
"id": "GHSA-hwhh-h7c7-wq3j",
"modified": "2022-05-17T02:18:33Z",
"published": "2022-05-17T02:18:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4908"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44841"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496358"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/32487"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/30893"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-HWMR-M7QH-WXR9
Vulnerability from github – Published: 2024-12-14 00:31 – Updated: 2024-12-14 00:31Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within WTabletServicePro.exe. By creating a symbolic link, an attacker can abuse the service to create an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25359.
{
"affected": [],
"aliases": [
"CVE-2024-12552"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-13T23:15:05Z",
"severity": "HIGH"
},
"details": "Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. \n\nThe specific flaw exists within WTabletServicePro.exe. By creating a symbolic link, an attacker can abuse the service to create an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25359.",
"id": "GHSA-hwmr-m7qh-wxr9",
"modified": "2024-12-14T00:31:12Z",
"published": "2024-12-14T00:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12552"
},
{
"type": "WEB",
"url": "https://cdn.wacom.com/u/productsupport/drivers/win/professional/releasenotes/Windows_6.4.8-2.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1683"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HX59-P22R-49RV
Vulnerability from github – Published: 2024-12-15 06:32 – Updated: 2024-12-16 18:31gitingest before 9996a06 mishandles symbolic links that point outside of the base directory.
{
"affected": [],
"aliases": [
"CVE-2024-56074"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-15T04:15:05Z",
"severity": "MODERATE"
},
"details": "gitingest before 9996a06 mishandles symbolic links that point outside of the base directory.",
"id": "GHSA-hx59-p22r-49rv",
"modified": "2024-12-16T18:31:08Z",
"published": "2024-12-15T06:32:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56074"
},
{
"type": "WEB",
"url": "https://github.com/cyclotruc/gitingest/pull/23"
},
{
"type": "WEB",
"url": "https://github.com/cyclotruc/gitingest/commit/9996a06a94450497c1abb35997f5e6cbc9b571ff"
},
{
"type": "WEB",
"url": "https://github.com/cyclotruc/gitingest/blob/9996a06a94450497c1abb35997f5e6cbc9b571ff/src/ingest.py#L22-L30"
},
{
"type": "WEB",
"url": "https://github.com/cyclotruc/gitingest/blob/9996a06a94450497c1abb35997f5e6cbc9b571ff/src/ingest.py#L99-L100"
},
{
"type": "WEB",
"url": "https://gitingest.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-48.1
Strategy: Separation of Privilege
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack
An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.
CAPEC-17: Using Malicious Files
An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.