CWE-59
AllowedImproper Link Resolution Before File Access ('Link Following')
Abstraction: Base · Status: Draft
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
1988 vulnerabilities reference this CWE, most recent first.
GHSA-4Q9C-FVPX-PQ67
Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2024-04-04 01:11deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO file, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled. By winning a race condition to replace the /tmp/repo.iso symlink by an attacker controlled ISO file, further privilege escalation may be possible.
{
"affected": [],
"aliases": [
"CVE-2019-13228"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-04T12:15:00Z",
"severity": "MODERATE"
},
"details": "deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO file, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled. By winning a race condition to replace the /tmp/repo.iso symlink by an attacker controlled ISO file, further privilege escalation may be possible.",
"id": "GHSA-4q9c-fvpx-pq67",
"modified": "2024-04-04T01:11:29Z",
"published": "2022-05-24T16:49:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13228"
},
{
"type": "WEB",
"url": "https://github.com/linuxdeepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1130388"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCHGRJV5CWTMYEE5B5C2FNMCFVP45S7H"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/07/04/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4Q9R-MJ23-G4VQ
Vulnerability from github – Published: 2022-05-14 01:08 – Updated: 2022-05-14 01:08OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/.
{
"affected": [],
"aliases": [
"CVE-2013-2561"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-11-23T18:55:00Z",
"severity": "MODERATE"
},
"details": "OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/.",
"id": "GHSA-4q9r-mj23-g4vq",
"modified": "2022-05-14T01:08:26Z",
"published": "2022-05-14T01:08:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2561"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=927430"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1661.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2013/Mar/87"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2013/03/19/8"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2013/03/26/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2013/03/26/11"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2013/03/26/4"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/58335"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4R2W-W73W-36JM
Vulnerability from github – Published: 2022-05-14 02:09 – Updated: 2023-08-04 15:51tag.py in eyeD3 (aka python-eyed3) 0.7.5 and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "eyeD3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2014-1934"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": true,
"github_reviewed_at": "2023-08-04T15:51:07Z",
"nvd_published_at": "2014-05-08T14:29:00Z",
"severity": "MODERATE"
},
"details": "tag.py in eyeD3 (aka python-eyed3) 0.7.5 and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file.",
"id": "GHSA-4r2w-w73w-36jm",
"modified": "2023-08-04T15:51:07Z",
"published": "2022-05-14T02:09:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1934"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737062"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1063671"
},
{
"type": "PACKAGE",
"url": "https://github.com/nicfit/eyeD3"
},
{
"type": "WEB",
"url": "https://koji.fedoraproject.org/koji/buildinfo?buildID=594272"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00027.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00028.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "eyeD3 is vulnerable to arbitrary file modification via symlink attack"
}
GHSA-4R4V-X4WJ-59WX
Vulnerability from github – Published: 2023-02-27 21:30 – Updated: 2023-03-07 21:30A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5, macOS Monterey 12.3. A local user may be able to write arbitrary files.
{
"affected": [],
"aliases": [
"CVE-2022-22582"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-27T20:15:00Z",
"severity": "MODERATE"
},
"details": "A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5, macOS Monterey 12.3. A local user may be able to write arbitrary files.",
"id": "GHSA-4r4v-x4wj-59wx",
"modified": "2023-03-07T21:30:17Z",
"published": "2023-02-27T21:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22582"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213183"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213184"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213185"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4R83-3X2W-GG64
Vulnerability from github – Published: 2022-05-17 03:06 – Updated: 2022-05-17 03:06The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name.
{
"affected": [],
"aliases": [
"CVE-2014-3486"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-07-07T14:55:00Z",
"severity": "MODERATE"
},
"details": "The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name.",
"id": "GHSA-4r83-3x2w-gg64",
"modified": "2022-05-17T03:06:07Z",
"published": "2022-05-17T03:06:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3486"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2014:0816"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2014-3486"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1107528"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0816.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/68300"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4VJ3-F849-5R48
Vulnerability from github – Published: 2020-06-03 22:02 – Updated: 2021-07-29 17:23All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "snyk-broker"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.80.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-7653"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-01T19:42:29Z",
"nvd_published_at": "2020-05-29T21:15:00Z",
"severity": "MODERATE"
},
"details": "All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk\u0027s internal network by creating symlinks to match whitelisted paths.",
"id": "GHSA-4vj3-f849-5r48",
"modified": "2021-07-29T17:23:47Z",
"published": "2020-06-03T22:02:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7653"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612"
},
{
"type": "WEB",
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Arbitrary File Read in Snyk Broker"
}
GHSA-4VJ4-G3HP-PFW5
Vulnerability from github – Published: 2022-05-24 19:09 – Updated: 2022-05-24 19:09NVIDIA GPU Display driver for Windows contains a vulnerability where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated privilege to modify, which could lead to data loss or denial of service.
{
"affected": [],
"aliases": [
"CVE-2021-1091"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-22T05:15:00Z",
"severity": "HIGH"
},
"details": "NVIDIA GPU Display driver for Windows contains a vulnerability where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated privilege to modify, which could lead to data loss or denial of service.",
"id": "GHSA-4vj4-g3hp-pfw5",
"modified": "2022-05-24T19:09:03Z",
"published": "2022-05-24T19:09:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1091"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4VP2-6Q8C-PVQ2
Vulnerability from github – Published: 2026-06-25 16:53 – Updated: 2026-06-25 16:53The Claude Code /copy command wrote responses to a hardcoded, predictable path (/tmp/claude/response.md) without UID isolation, randomness, or symlink protection. The file was created world-readable (0644) in a world-traversable directory (0755), allowing any local user to read a privileged user's Claude response, which could contain secrets or credentials. Additionally, because the path was static and predictable, a local attacker could pre-create the directory and plant a symlink at the expected file path, causing the privileged process to follow the symlink and overwrite an attacker-chosen file with the response text. Exploiting this required a local unprivileged user on the same system and a privileged user to run the /copy command.
Users on standard Claude Code auto-update have received this fix already. Users performing manual updates are advised to update to the latest version.
Claude Code thanks hackerone.com/c_h4ck_0 for reporting this issue.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@anthropic-ai/claude-code"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.59"
},
{
"fixed": "2.1.128"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-46406"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-377",
"CWE-59"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-25T16:53:00Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "The Claude Code `/copy` command wrote responses to a hardcoded, predictable path (`/tmp/claude/response.md`) without UID isolation, randomness, or symlink protection. The file was created world-readable (0644) in a world-traversable directory (0755), allowing any local user to read a privileged user\u0027s Claude response, which could contain secrets or credentials. Additionally, because the path was static and predictable, a local attacker could pre-create the directory and plant a symlink at the expected file path, causing the privileged process to follow the symlink and overwrite an attacker-chosen file with the response text. Exploiting this required a local unprivileged user on the same system and a privileged user to run the `/copy` command.\n\nUsers on standard Claude Code auto-update have received this fix already. Users performing manual updates are advised to update to the latest version.\n\nClaude Code thanks hackerone.com/c_h4ck_0 for reporting this issue.",
"id": "GHSA-4vp2-6q8c-pvq2",
"modified": "2026-06-25T16:53:00Z",
"published": "2026-06-25T16:53:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/anthropics/claude-code/security/advisories/GHSA-4vp2-6q8c-pvq2"
},
{
"type": "PACKAGE",
"url": "https://github.com/anthropics/claude-code"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "@anthropic-ai/claude-code has an Insecure Temporary File in /copy Command that Enables Response Disclosure and Symlink-Based File Write"
}
GHSA-4VRQ-3VRQ-G6GG
Vulnerability from github – Published: 2026-03-26 18:27 – Updated: 2026-04-24 20:58Impact
Insufficient validation of Git URL fragment subdir components (<url>#<ref>:<subdir>, docs) may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem.
Patches
The issue has been fixed in version v0.28.1
Workarounds
The issue affects only builds that use Git URLs with a subpath component. Avoid building Dockerfiles from untrusted sources or using the subdir component from an untrusted Git repository where the subdir component could point to a symlink.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/moby/buildkit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.28.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33748"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-59"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-26T18:27:49Z",
"nvd_published_at": "2026-03-27T15:16:57Z",
"severity": "HIGH"
},
"details": "### Impact\nInsufficient validation of Git URL fragment subdir components (`\u003curl\u003e#\u003cref\u003e:\u003csubdir\u003e`, [docs](https://docs.docker.com/build/concepts/context/#url-fragments)) may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem.\n\n### Patches\nThe issue has been fixed in version v0.28.1\n\n### Workarounds\nThe issue affects only builds that use Git URLs with a subpath component. Avoid building Dockerfiles from untrusted sources or using the subdir component from an untrusted Git repository where the subdir component could point to a symlink.",
"id": "GHSA-4vrq-3vrq-g6gg",
"modified": "2026-04-24T20:58:22Z",
"published": "2026-03-26T18:27:49Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33748"
},
{
"type": "WEB",
"url": "https://docs.docker.com/build/concepts/context/#url-fragments"
},
{
"type": "PACKAGE",
"url": "https://github.com/moby/buildkit"
},
{
"type": "WEB",
"url": "https://github.com/moby/buildkit/releases/tag/v0.28.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "BuildKit Git URL subdir component can cause access to restricted files"
}
GHSA-4VVF-498M-F8P7
Vulnerability from github – Published: 2025-11-11 18:30 – Updated: 2025-11-11 18:30Improper link resolution before file access ('link following') for some Intel(R) Server Configuration Utility software and Intel(R) Server Firmware Update Utility software before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
{
"affected": [],
"aliases": [
"CVE-2025-24918"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-11T17:15:44Z",
"severity": "MODERATE"
},
"details": "Improper link resolution before file access (\u0027link following\u0027) for some Intel(R) Server Configuration Utility software and Intel(R) Server Firmware Update Utility software before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.",
"id": "GHSA-4vvf-498m-f8p7",
"modified": "2025-11-11T18:30:18Z",
"published": "2025-11-11T18:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24918"
},
{
"type": "WEB",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01400.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-48.1
Strategy: Separation of Privilege
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack
An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.
CAPEC-17: Using Malicious Files
An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.