CWE-59
AllowedImproper Link Resolution Before File Access ('Link Following')
Abstraction: Base · Status: Draft
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
1990 vulnerabilities reference this CWE, most recent first.
GHSA-F9X4-3X96-W2VF
Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2025-04-12 13:07mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.
{
"affected": [],
"aliases": [
"CVE-2016-6664"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-12-13T21:59:00Z",
"severity": "HIGH"
},
"details": "mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.",
"id": "GHSA-f9x4-3x96-w2vf",
"modified": "2025-04-12T13:07:19Z",
"published": "2022-05-13T01:13:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6664"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/40679"
},
{
"type": "WEB",
"url": "https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664"
},
{
"type": "WEB",
"url": "http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2130.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2749.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2016/Nov/4"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3770"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/539695/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93612"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FC8W-PPFG-5247
Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users.
{
"affected": [],
"aliases": [
"CVE-2021-32547"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-12T04:15:00Z",
"severity": "MODERATE"
},
"details": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users.",
"id": "GHSA-fc8w-ppfg-5247",
"modified": "2022-05-24T19:05:16Z",
"published": "2022-05-24T19:05:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32547"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-FC9P-2X28-25PW
Vulnerability from github – Published: 2022-05-17 05:49 – Updated: 2022-05-17 05:49GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
{
"affected": [],
"aliases": [
"CVE-2010-2056"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-07-22T05:43:00Z",
"severity": "LOW"
},
"details": "GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.",
"id": "GHSA-fc9p-2x28-25pw",
"modified": "2022-05-17T05:49:39Z",
"published": "2022-05-17T05:49:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2056"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=599621"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043913.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043948.html"
},
{
"type": "WEB",
"url": "http://savannah.gnu.org/forum/forum.php?forum_id=6368"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40475"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40532"
},
{
"type": "WEB",
"url": "http://www.osvdb.org/66249"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1757"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-FC9X-CC67-2CJ6
Vulnerability from github – Published: 2024-05-03 03:30 – Updated: 2024-05-03 03:30VIPRE Antivirus Plus FPQuarTransfer Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the FPQuarTransfer method. By creating a symbolic link, an attacker can abuse the method to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-19397.
{
"affected": [],
"aliases": [
"CVE-2023-32179"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T02:15:24Z",
"severity": "HIGH"
},
"details": "VIPRE Antivirus Plus FPQuarTransfer Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the FPQuarTransfer method. By creating a symbolic link, an attacker can abuse the method to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-19397.",
"id": "GHSA-fc9x-cc67-2cj6",
"modified": "2024-05-03T03:30:51Z",
"published": "2024-05-03T03:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32179"
},
{
"type": "WEB",
"url": "https://success.vipre.com/en_US/antivirus-plus-release-notes/home-plus-release-notes-20230530"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-759"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FCFM-93GV-WH6F
Vulnerability from github – Published: 2026-05-26 13:30 – Updated: 2026-05-27 21:31Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory.
_make_special_file() passes the tar header's linkname to link() without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode.
A subsequent write through the extracted name modifies the victim file, and the post-extraction chmod, chown, and utime block in _extract_file() (guarded only against symlinks via -l) applies the tar header's mode, owner, and timestamps to the shared inode during extraction alone.
{
"affected": [],
"aliases": [
"CVE-2026-42497"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-26T02:16:40Z",
"severity": "HIGH"
},
"details": "Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory.\n\n_make_special_file() passes the tar header\u0027s linkname to link() without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file\u0027s inode.\n\nA subsequent write through the extracted name modifies the victim file, and the post-extraction chmod, chown, and utime block in _extract_file() (guarded only against symlinks via -l) applies the tar header\u0027s mode, owner, and timestamps to the shared inode during extraction alone.",
"id": "GHSA-fcfm-93gv-wh6f",
"modified": "2026-05-27T21:31:19Z",
"published": "2026-05-26T13:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42497"
},
{
"type": "WEB",
"url": "https://github.com/jib/archive-tar-new/commit/17c873492a05eddc0de18c1485e0b2cccd5a9158.patch"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/BINGOS/Archive-Tar-3.08/changes"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42496"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FFHX-2RRF-9C23
Vulnerability from github – Published: 2024-06-12 09:30 – Updated: 2024-11-12 18:30A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.
{
"affected": [],
"aliases": [
"CVE-2024-5742"
],
"database_specific": {
"cwe_ids": [
"CWE-377",
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-12T09:15:23Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.",
"id": "GHSA-ffhx-2rrf-9c23",
"modified": "2024-11-12T18:30:50Z",
"published": "2024-06-12T09:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5742"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6986"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:9430"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-5742"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278574"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00006.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FFJP-66MX-3QPJ
Vulnerability from github – Published: 2022-04-06 00:01 – Updated: 2022-04-07 18:31An issue was discovered in file profile.go. The MemProf and GetCPUProfile functions do not correctly check whether the created file exists. As a result attackers can launch attacks symlink attacks locally. Attackers can use this vulnerability to escalate privileges.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/beego/beego/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c 2.0.2"
},
"package": {
"ecosystem": "Go",
"name": "github.com/beego/beego"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-27116"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": true,
"github_reviewed_at": "2022-04-07T18:31:32Z",
"nvd_published_at": "2022-04-05T16:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in file profile.go. The MemProf and GetCPUProfile functions do not correctly check whether the created file exists. As a result attackers can launch attacks symlink attacks locally. Attackers can use this vulnerability to escalate privileges.",
"id": "GHSA-ffjp-66mx-3qpj",
"modified": "2022-04-07T18:31:32Z",
"published": "2022-04-06T00:01:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27116"
},
{
"type": "WEB",
"url": "https://github.com/beego/beego/issues/4484"
},
{
"type": "PACKAGE",
"url": "https://github.com/beego/beego"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Privilege escalation in beego"
}
GHSA-FFR4-MRHV-VFR2
Vulnerability from github – Published: 2026-03-21 03:31 – Updated: 2026-03-27 20:18Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-36h3-7c54-j27r. This link is maintained to preserve external references.
Original Description
OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks to route file writes outside the intended temp directory, enabling arbitrary file overwrite on the affected system.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c 2026.2.25"
},
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-27T20:18:56Z",
"nvd_published_at": "2026-03-21T01:17:08Z",
"severity": "MODERATE"
},
"details": "## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-36h3-7c54-j27r. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks to route file writes outside the intended temp directory, enabling arbitrary file overwrite on the affected system.",
"id": "GHSA-ffr4-mrhv-vfr2",
"modified": "2026-03-27T20:18:56Z",
"published": "2026-03-21T03:31:14Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-36h3-7c54-j27r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32054"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/496a76c03ba85e15ea715e5a583e498ae04d36e3"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-symlink-traversal-in-browser-trace-download-path-handling"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
],
"summary": "Duplicate Advisory: OpenClaw has browser trace/download path symlink escape in temp output handling",
"withdrawn": "2026-03-27T20:18:56Z"
}
GHSA-FFWC-J4XG-37CV
Vulnerability from github – Published: 2022-04-30 18:17 – Updated: 2024-02-02 03:30Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.
{
"affected": [],
"aliases": [
"CVE-2001-1042"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2001-07-02T04:00:00Z",
"severity": "MODERATE"
},
"details": "Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.",
"id": "GHSA-ffwc-j4xg-37cv",
"modified": "2024-02-02T03:30:28Z",
"published": "2022-04-30T18:17:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2001-1042"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6760"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/194443"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/2960"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FG55-Q9XQ-HQPH
Vulnerability from github – Published: 2025-07-30 00:32 – Updated: 2025-11-03 21:34This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sequoia 15.6. A website may be able to access sensitive user data when resolving symlinks.
{
"affected": [],
"aliases": [
"CVE-2025-43252"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-30T00:15:37Z",
"severity": "MODERATE"
},
"details": "This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sequoia 15.6. A website may be able to access sensitive user data when resolving symlinks.",
"id": "GHSA-fg55-q9xq-hqph",
"modified": "2025-11-03T21:34:16Z",
"published": "2025-07-30T00:32:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43252"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/124149"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Jul/32"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-48.1
Strategy: Separation of Privilege
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack
An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.
CAPEC-17: Using Malicious Files
An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.