CWE-59
AllowedImproper Link Resolution Before File Access ('Link Following')
Abstraction: Base · Status: Draft
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
1984 vulnerabilities reference this CWE, most recent first.
CVE-2026-14699 (GCVE-0-2026-14699)
Vulnerability from cvelistv5 – Published: 2026-07-05 03:15 – Updated: 2026-07-06 16:21| URL | Tags |
|---|---|
| https://vuldb.com/vuln/376295 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/376295/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-14699 | third-party-advisory |
| https://vuldb.com/submit/846864 | third-party-advisory |
| https://github.com/zcaceres/markdownify-mcp/issues/108 | issue-tracking |
| https://github.com/zcaceres/markdownify-mcp/pull/109 | issue-trackingpatch |
| https://github.com/zcaceres/markdownify-mcp/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| zcaceres | markdownify-mcp |
Affected:
1.0
Affected: 1.1.0 cpe:2.3:a:zcaceres:markdownify-mcp:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T16:20:52.255822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T16:21:02.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:zcaceres:markdownify-mcp:*:*:*:*:*:*:*:*"
],
"product": "markdownify-mcp",
"vendor": "zcaceres",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dem000000 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits acceptance."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N/E:ND/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "Symlink Following",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Link Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-05T03:15:08.112Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-376295 | zcaceres markdownify-mcp Markdownify.ts assertPathAllowed symlink",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/376295"
},
{
"name": "VDB-376295 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/376295/cti"
},
{
"name": "CVE-2026-14699 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-14699"
},
{
"name": "Submit #846864 | zcaceres markdownify-mcp / mcp-markdownify-server up to 1.1.0 CWE-59: Improper Link Resolution Before File Access (\u0027Link Follo",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/846864"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/zcaceres/markdownify-mcp/issues/108"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/zcaceres/markdownify-mcp/pull/109"
},
{
"tags": [
"product"
],
"url": "https://github.com/zcaceres/markdownify-mcp/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-04T07:27:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "zcaceres markdownify-mcp Markdownify.ts assertPathAllowed symlink"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-14699",
"datePublished": "2026-07-05T03:15:08.112Z",
"dateReserved": "2026-07-04T05:22:43.104Z",
"dateUpdated": "2026-07-06T16:21:02.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14361 (GCVE-0-2026-14361)
Vulnerability from cvelistv5 – Published: 2026-07-08 20:11 – Updated: 2026-07-08 20:37- CWE-59 - Improper Link Resolution Before File Access (Link Following)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14361",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-08T20:37:49.249358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T20:37:56.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Tooling",
"repo": "https://github.com/hashicorp/consul-template",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "0.42.1",
"status": "affected",
"version": "0.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was reported to HashiCorp by Mohamed Abdelaal (0xmrma)."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability (CVE-2026-14361) is fixed in consul-template 0.42.1.\u003c/p\u003e\u003cbr/\u003e"
}
],
"value": "The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability (CVE-2026-14361) is fixed in consul-template 0.42.1."
}
],
"impacts": [
{
"capecId": "CAPEC-132",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-132: Symlink Attack"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (Link Following)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T20:11:32.799Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2026-20-consul-template-vulnerable-to-path-redirections-in-writetofile/77559"
}
],
"source": {
"advisory": "HCSEC-2026-20",
"discovery": "EXTERNAL"
},
"title": "Consul-template is vulnerable to path redirection in writeToFile through symlink attack"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2026-14361",
"datePublished": "2026-07-08T20:11:32.799Z",
"dateReserved": "2026-07-01T19:00:00.428Z",
"dateUpdated": "2026-07-08T20:37:56.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12567 (GCVE-0-2026-12567)
Vulnerability from cvelistv5 – Published: 2026-06-17 21:51 – Updated: 2026-06-18 12:50- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
| Vendor | Product | Version | |
|---|---|---|---|
| Black Lantern Security | BBOT |
Affected:
2.0.0 , ≤ <=2.8.4
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12567",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-18T12:50:06.432373Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T12:50:13.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BBOT",
"repo": "https://github.com/blacklanternsecurity/bbot",
"vendor": "Black Lantern Security",
"versions": [
{
"lessThanOrEqual": "\u003c=2.8.4",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The github_workflows module constructs local directory paths from user-controlled repository names without validating for symlinks. A local attacker sharing the scan directory can plant a symlink at the predictable output path, causing workflow data to be written to an attacker-chosen location."
}
],
"value": "The github_workflows module constructs local directory paths from user-controlled repository names without validating for symlinks. A local attacker sharing the scan directory can plant a symlink at the predictable output path, causing workflow data to be written to an attacker-chosen location."
}
],
"impacts": [
{
"capecId": "CAPEC-132",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-132 Symlink Attack"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T21:51:35.593Z",
"orgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
"shortName": "BLSOPS"
},
"references": [
{
"url": "https://github.com/blacklanternsecurity/bbot/commit/16d9c42b6"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Symlink-following arbitrary write via github_workflows module",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
"assignerShortName": "BLSOPS",
"cveId": "CVE-2026-12567",
"datePublished": "2026-06-17T21:51:35.593Z",
"dateReserved": "2026-06-17T21:49:05.331Z",
"dateUpdated": "2026-06-18T12:50:13.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11940 (GCVE-0-2026-11940)
Vulnerability from cvelistv5 – Published: 2026-06-23 16:04 – Updated: 2026-06-30 15:13| Vendor | Product | Version | |
|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.15.0
(python)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11940",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-23T17:57:25.652265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T17:57:32.525Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.15.0",
"status": "affected",
"version": "0",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Haruki Oyama (https://github.com/harukioya)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Stan Ulbrych (https://github.com/StanFromIreland)"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Petr Viktorin (https://github.com/encukou)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"type": "text/html",
"value": "\u003cspan\u003etarfile.extractall()\u003c/span\u003e with the \u003cspan\u003e\u0027data\u0027\u003c/span\u003e or \u003cspan\u003e\u0027tar\u0027\u003c/span\u003e\n filter could be bypassed by a crafted archive where a hardlink \nreferences a symlink stored at a deeper name than the hardlink itself.\u0026nbsp; \nThe extraction fallback validated the symlink at it\u0027s archived location \nbut recreated it at the hardlink\u0027s shallower\u003cbr\u003epath, letting a relative\n target the filter judged contained escape the destination directory.\u0026nbsp; \nThis allowed a malicious tar archive to create a symlink pointing \noutside the destination, enabling out-of-destination file reads or \nwrites. This was an incomplete fix of CVE-2025-4330."
}
],
"value": "tarfile.extractall() with the \u0027data\u0027 or \u0027tar\u0027\n filter could be bypassed by a crafted archive where a hardlink \nreferences a symlink stored at a deeper name than the hardlink itself.\u00a0 \nThe extraction fallback validated the symlink at it\u0027s archived location \nbut recreated it at the hardlink\u0027s shallower\npath, letting a relative\n target the filter judged contained escape the destination directory.\u00a0 \nThis allowed a malicious tar archive to create a symlink pointing \noutside the destination, enabling out-of-destination file reads or \nwrites. This was an incomplete fix of CVE-2025-4330."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T15:13:33.568Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/151559"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/LD6QIISNQFQYOIEPJNEUIPV7S3V76FZH/"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/151558"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/27dd970bf6b17ebca7c8ed486a40ab043ed7af8f"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/672825e2f36a57e173959b0d9d409d4560dab8df"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/771d12dda5140313db0ac550292987975651bbde"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/79c06bd5c6afa3c440d50faf7ee1b147c8832b4c"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/be13e86f6b9788a6f4d0419dffef72cbae5865c9"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "tarfile extraction filter bypass allows escaping the destination directory",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2026-11940",
"datePublished": "2026-06-23T16:04:17.321Z",
"dateReserved": "2026-06-10T19:50:59.923Z",
"dateUpdated": "2026-06-30T15:13:33.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11837 (GCVE-0-2026-11837)
Vulnerability from cvelistv5 – Published: 2026-06-10 05:03 – Updated: 2026-07-15 01:23- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-11837 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2487424 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat OpenStack Platform 17.1 |
cpe:/a:redhat:openstack:17.1 |
|
| Red Hat | Red Hat OpenStack Platform 18.0 |
cpe:/a:redhat:openstack:18.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11837",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T13:57:35.655997Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T13:58:16.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"packageName": "rhel-system-roles",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "rhc-worker-playbook",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "rhel-system-roles",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "rhel-system-roles",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:17.1"
],
"defaultStatus": "affected",
"packageName": "ansible-collection-ansible-posix",
"product": "Red Hat OpenStack Platform 17.1",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:18.0"
],
"defaultStatus": "affected",
"packageName": "ansible-collection-ansible-posix",
"product": "Red Hat OpenStack Platform 18.0",
"vendor": "Red Hat"
}
],
"datePublic": "2026-06-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module\u0027s keyfile() function uses os.chown() instead of os.lchown() and opens files without O_NOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their ~/.ssh directory to redirect file ownership changes to arbitrary system paths when an operator runs the authorized_key task as root, leading to local privilege escalation."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T01:23:04.815Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-11837"
},
{
"name": "RHBZ#2487424",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487424"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-11837.json"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-07T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-10T00:00:00.000Z",
"value": "Made public."
}
],
"title": "ansible-collection-ansible-posix: ansible.posix authorized_key: local privilege escalation via symlink-following chown",
"workarounds": [
{
"lang": "en",
"value": "The following practices would help for avoiding exposure and mitigate this flaw:\n\n1) Do not run the ansible.posix authorized_key module with elevated privileges against untrusted user accounts. \n2) Validate that target user home directories do not contain unexpected symbolic links before running playbooks."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"packageName": "rhel-system-roles",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "rhc-worker-playbook",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "rhel-system-roles",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "rhel-system-roles",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:17.1"
],
"defaultStatus": "affected",
"packageName": "ansible-collection-ansible-posix",
"product": "Red Hat OpenStack Platform 17.1",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:18.0"
],
"defaultStatus": "affected",
"packageName": "ansible-collection-ansible-posix",
"product": "Red Hat OpenStack Platform 18.0",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Valentino Paulon for reporting this issue."
}
],
"datePublic": "2026-06-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module\u0027s keyfile() function uses os.chown() instead of os.lchown() and opens files without O_NOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their ~/.ssh directory to redirect file ownership changes to arbitrary system paths when an operator runs the authorized_key task as root, leading to local privilege escalation."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T08:36:22.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-11837"
},
{
"name": "RHBZ#2487424",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487424"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-07T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-10T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Ansible-collection-ansible-posix: ansible.posix authorized_key: local privilege escalation via symlink-following chown",
"workarounds": [
{
"lang": "en",
"value": "The following practices would help for avoiding exposure and mitigate this flaw:\n\n1) Do not run the ansible.posix authorized_key module with elevated privileges against untrusted user accounts. \n2) Validate that target user home directories do not contain unexpected symbolic links before running playbooks."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-11837",
"datePublished": "2026-06-10T05:03:05.734Z",
"dateReserved": "2026-06-10T04:10:05.146Z",
"dateUpdated": "2026-07-15T01:23:04.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11322 (GCVE-0-2026-11322)
Vulnerability from cvelistv5 – Published: 2026-06-04 21:58 – Updated: 2026-07-14 15:53- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
| URL | Tags |
|---|---|
| https://github.com/nesquena/hermes-webui/pull/3398 | issue-tracking |
| https://github.com/nesquena/hermes-webui/commit/7… | patch |
| https://www.vulncheck.com/advisories/hermes-webui… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| nesquena | Hermes WebUI |
Affected:
0 , < 0.51.221
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11322",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-05T20:06:29.352173Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T20:06:34.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/nesquena/hermes-webui/pull/3398"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/nesquena/hermes-webui",
"defaultStatus": "unknown",
"product": "Hermes WebUI",
"vendor": "nesquena",
"versions": [
{
"lessThan": "0.51.221",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:get-hermes:hermes_web_ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.51.221",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chia Min Jun Lennon"
}
],
"datePublic": "2026-06-02T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve symlink targets without enforcing that the final path remains within the workspace, to read external host files accessible to the server process and disclose sensitive data such as SSH keys, cloud credentials, or application tokens.\u003c/p\u003e"
}
],
"value": "Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve symlink targets without enforcing that the final path remains within the workspace, to read external host files accessible to the server process and disclose sensitive data such as SSH keys, cloud credentials, or application tokens."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T15:53:04.733Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/nesquena/hermes-webui/pull/3398"
},
{
"tags": [
"patch"
],
"url": "https://github.com/nesquena/hermes-webui/commit/7c48c376299b8058fd35127a59aefadded7e4a92"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/hermes-webui-before-path-traversal-via-symlink-workspace-bypass"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hermes WebUI before 0.51.221 Path Traversal via Symlink Workspace Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-11322",
"datePublished": "2026-06-04T21:58:47.308Z",
"dateReserved": "2026-06-04T21:29:10.986Z",
"dateUpdated": "2026-07-14T15:53:04.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9804 (GCVE-0-2026-9804)
Vulnerability from cvelistv5 – Published: 2026-05-28 08:15 – Updated: 2026-07-15 00:38- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:27903 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:27913 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:27914 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:27983 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:28002 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2026-9804 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2482487 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Container Native Virtualization 4.17 |
Unaffected:
1781757410 , < *
(rpm)
cpe:/a:redhat:container_native_virtualization:4.17::el9 |
|
| Red Hat | Red Hat Container Native Virtualization 4.18 |
Unaffected:
1781928221 , < *
(rpm)
cpe:/a:redhat:container_native_virtualization:4.18::el9 |
|
| Red Hat | Red Hat Container Native Virtualization 4.19 |
Unaffected:
1781590993 , < *
(rpm)
cpe:/a:redhat:container_native_virtualization:4.19::el9 |
|
| Red Hat | Red Hat Container Native Virtualization 4.20 |
Unaffected:
1781838712 , < *
(rpm)
cpe:/a:redhat:container_native_virtualization:4.20::el9 |
|
| Red Hat | Red Hat Container Native Virtualization 4.21 |
Unaffected:
1782012918 , < *
(rpm)
cpe:/a:redhat:container_native_virtualization:4.21::el9 |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9804",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-30T01:54:32.833433Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-30T01:54:43.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.17::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-exportserver-rhel9",
"product": "Red Hat Container Native Virtualization 4.17",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1781757410",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.18::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-exportserver-rhel9",
"product": "Red Hat Container Native Virtualization 4.18",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1781928221",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-exportserver-rhel9",
"product": "Red Hat Container Native Virtualization 4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1781590993",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.20::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-exportserver-rhel9",
"product": "Red Hat Container Native Virtualization 4.20",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1781838712",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.21::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-exportserver-rhel9",
"product": "Red Hat Container Native Virtualization 4.21",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1782012918",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-exportserver",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-28T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in KubeVirt\u0027s virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link (symlink) within an exported filesystem Persistent Volume Claim (PVC) that points outside its designated mount root, the attacker can read arbitrary files from the exporter pod\u0027s filesystem. This leads to information disclosure, potentially exposing sensitive data."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T00:38:26.784Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-9804"
},
{
"name": "RHBZ#2482487",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482487"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-9804.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28002"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27913"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27914"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27983"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27903"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:28002: Red Hat Container Native Virtualization 4.17"
},
{
"lang": "en",
"value": "RHSA-2026:27913: Red Hat Container Native Virtualization 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:27914: Red Hat Container Native Virtualization 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:27983: Red Hat Container Native Virtualization 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:27903: Red Hat Container Native Virtualization 4.21"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-18T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-28T06:00:00.000Z",
"value": "Made public."
}
],
"title": "kubevirt: kubevirt: VMExport directory symlink escape enables exporter pod file read",
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.17::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-exportserver-rhel9",
"product": "Red Hat Container Native Virtualization 4.17",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1781757410",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.18::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-exportserver-rhel9",
"product": "Red Hat Container Native Virtualization 4.18",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1781928221",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-exportserver-rhel9",
"product": "Red Hat Container Native Virtualization 4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1781590993",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.20::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-exportserver-rhel9",
"product": "Red Hat Container Native Virtualization 4.20",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1781838712",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.21::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-exportserver-rhel9",
"product": "Red Hat Container Native Virtualization 4.21",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1782012918",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-exportserver",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Thai Son Dinh, GitHub: @sondt99 (VinSOC) for reporting this issue."
}
],
"datePublic": "2026-05-28T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in KubeVirt\u0027s virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link (symlink) within an exported filesystem Persistent Volume Claim (PVC) that points outside its designated mount root, the attacker can read arbitrary files from the exporter pod\u0027s filesystem. This leads to information disclosure, potentially exposing sensitive data."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T19:24:45.875Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:27903",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27903"
},
{
"name": "RHSA-2026:27913",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27913"
},
{
"name": "RHSA-2026:27914",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27914"
},
{
"name": "RHSA-2026:27983",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27983"
},
{
"name": "RHSA-2026:28002",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28002"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-9804"
},
{
"name": "RHBZ#2482487",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482487"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-18T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-28T06:00:00.000Z",
"value": "Made public."
}
],
"title": "Kubevirt: kubevirt: vmexport directory symlink escape enables exporter pod file read",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-9804",
"datePublished": "2026-05-28T08:15:39.779Z",
"dateReserved": "2026-05-28T06:10:07.134Z",
"dateUpdated": "2026-07-15T00:38:26.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8784 (GCVE-0-2026-8784)
Vulnerability from cvelistv5 – Published: 2026-05-18 02:30 – Updated: 2026-05-18 12:24 X_Open Source| URL | Tags |
|---|---|
| https://vuldb.com/vuln/364408 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/364408/cti | signaturepermissions-required |
| https://vuldb.com/submit/811897 | third-party-advisory |
| https://github.com/npitre/cramfs-tools/issues/13 | exploitissue-tracking |
| https://github.com/npitre/cramfs-tools/issues/13#… | issue-tracking |
| https://github.com/npitre/cramfs-tools/commit/b4a… | patch |
| https://github.com/npitre/cramfs-tools/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| npitre | cramfs-tools |
Affected:
2.0
Affected: 2.1 Affected: 2.2 cpe:2.3:a:npitre:cramfs-tools:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8784",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T12:24:11.194480Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T12:24:18.988Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:npitre:cramfs-tools:*:*:*:*:*:*:*:*"
],
"product": "cramfs-tools",
"vendor": "npitre",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "nich0las (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in symlink following. The attack requires a local approach. The exploit is now public and may be used. The patch is named b4a3a695c9873f824907bd15659f2a6ac7667b4f. It is recommended to apply a patch to fix this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:L/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "Symlink Following",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Link Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T02:30:13.275Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-364408 | npitre cramfs-tools cramfsck.c change_file_status symlink",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/364408"
},
{
"name": "VDB-364408 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/364408/cti"
},
{
"name": "Submit #811897 | GNU cramfs-tools below v2.2 Symlink Following",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811897"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/npitre/cramfs-tools/issues/13"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/npitre/cramfs-tools/issues/13#issuecomment-4306102583"
},
{
"tags": [
"patch"
],
"url": "https://github.com/npitre/cramfs-tools/commit/b4a3a695c9873f824907bd15659f2a6ac7667b4f"
},
{
"tags": [
"product"
],
"url": "https://github.com/npitre/cramfs-tools/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-05-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-17T12:04:24.000Z",
"value": "VulDB entry last update"
}
],
"title": "npitre cramfs-tools cramfsck.c change_file_status symlink"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-8784",
"datePublished": "2026-05-18T02:30:13.275Z",
"dateReserved": "2026-05-17T09:59:14.863Z",
"dateUpdated": "2026-05-18T12:24:18.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8052 (GCVE-0-2026-8052)
Vulnerability from cvelistv5 – Published: 2026-05-12 19:09 – Updated: 2026-05-12 20:22- CWE-59 - Improper Link Resolution Before File Access (Link Following)
| Vendor | Product | Version | |
|---|---|---|---|
| HashiCorp | Shared library |
Affected:
0.1.0 , < 0.1.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8052",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T20:22:26.659986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T20:22:44.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Shared library",
"repo": "https://github.com/hashicorp/nomad-driver-exec2",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "0.1.2",
"status": "affected",
"version": "0.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was identified by the Nomad engineering team in conjunction with Alex Manson (Aiven / NeuroWinter)."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHashiCorp Nomad\u2019s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026-8052) is fixed in version 0.1.2 of the exec2 task driver.\u003c/p\u003e\u003cbr/\u003e"
}
],
"value": "HashiCorp Nomad\u2019s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026-8052) is fixed in version 0.1.2 of the exec2 task driver."
}
],
"impacts": [
{
"capecId": "CAPEC-132",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-132: Symlink Attack"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (Link Following)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T19:09:15.248Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2026-13-nomads-exec2-task-driver-vulnerable-to-arbitrary-file-read-write-on-client-host-through-symlink-attack/77415"
}
],
"source": {
"advisory": "HCSEC-2026-13",
"discovery": "EXTERNAL"
},
"title": "Nomad\u0027s exec2 task driver vulnerable to arbitrary file read/write on client host through symlink attack"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2026-8052",
"datePublished": "2026-05-12T19:09:15.248Z",
"dateReserved": "2026-05-06T18:39:30.181Z",
"dateUpdated": "2026-05-12T20:22:44.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7832 (GCVE-0-2026-7832)
Vulnerability from cvelistv5 – Published: 2026-05-05 12:15 – Updated: 2026-05-05 14:12 X_Freeware| URL | Tags |
|---|---|
| https://vuldb.com/vuln/361111 | vdb-entry |
| https://vuldb.com/vuln/361111/cti | signaturepermissions-required |
| https://vuldb.com/submit/797630 | third-party-advisory |
| https://github.com/usernameone101/Writeups/blob/m… | exploitpatch |
| Vendor | Product | Version | |
|---|---|---|---|
| IObit | Advanced SystemCare |
Affected:
19
cpe:2.3:a:iobit:advanced_systemcare:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7832",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T13:56:36.308329Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T14:12:10.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:iobit:advanced_systemcare:*:*:*:*:*:*:*:*"
],
"modules": [
"Service"
],
"product": "Advanced SystemCare",
"vendor": "IObit",
"versions": [
{
"status": "affected",
"version": "19"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "usernameone101 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in IObit Advanced SystemCare 19. This affects an unknown part of the file ASC.exe of the component Service. The manipulation results in symlink following. Attacking locally is a requirement. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "Symlink Following",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Link Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T12:15:09.652Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-361111 | IObit Advanced SystemCare Service ASC.exe symlink",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/361111"
},
{
"name": "VDB-361111 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/361111/cti"
},
{
"name": "Submit #797630 | IObit Advanced SystemCare 19 Link Following",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/797630"
},
{
"tags": [
"exploit",
"patch"
],
"url": "https://github.com/usernameone101/Writeups/blob/main/IObit%20Zero%20Day%20(Updated%20v2).pdf"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2026-05-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-05T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-05T08:01:37.000Z",
"value": "VulDB entry last update"
}
],
"title": "IObit Advanced SystemCare Service ASC.exe symlink"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7832",
"datePublished": "2026-05-05T12:15:09.652Z",
"dateReserved": "2026-05-05T05:56:24.243Z",
"dateUpdated": "2026-05-05T14:12:10.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation MIT-48.1
Strategy: Separation of Privilege
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack
An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.
CAPEC-17: Using Malicious Files
An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.