CWE-59
AllowedImproper Link Resolution Before File Access ('Link Following')
Abstraction: Base · Status: Draft
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
1986 vulnerabilities reference this CWE, most recent first.
GHSA-VF4X-P8GP-539H
Vulnerability from github – Published: 2022-05-01 23:32 – Updated: 2022-05-01 23:32Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c.
{
"affected": [],
"aliases": [
"CVE-2008-0666"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-02-11T21:00:00Z",
"severity": "LOW"
},
"details": "Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c.",
"id": "GHSA-vf4x-p8gp-539h",
"modified": "2022-05-01T23:32:11Z",
"published": "2022-05-01T23:32:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0666"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463907"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/28829"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/28856"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29353"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-200803-23.xml"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2008/dsa-1492"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:076"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/27685"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VFFM-6XRX-22H3
Vulnerability from github – Published: 2022-05-17 02:18 – Updated: 2022-05-17 02:18wims 3.62 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/env#####, (b) /tmp/sed#####, and (c) /tmp/referer-home.log temporary files, related to the (1) coqweb and (2) account.sh scripts.
{
"affected": [],
"aliases": [
"CVE-2008-4986"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-11-06T15:55:00Z",
"severity": "MODERATE"
},
"details": "wims 3.62 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/env#####, (b) /tmp/sed#####, and (c) /tmp/referer-home.log temporary files, related to the (1) coqweb and (2) account.sh scripts.",
"id": "GHSA-vffm-6xrx-22h3",
"modified": "2022-05-17T02:18:27Z",
"published": "2022-05-17T02:18:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4986"
},
{
"type": "WEB",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46510"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/496387"
},
{
"type": "WEB",
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/wims"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/32244"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VFR2-MJP4-M9M3
Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44Windows Update Stack Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2021-26889"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-11T16:15:00Z",
"severity": "HIGH"
},
"details": "Windows Update Stack Elevation of Privilege Vulnerability",
"id": "GHSA-vfr2-mjp4-m9m3",
"modified": "2022-05-24T17:44:21Z",
"published": "2022-05-24T17:44:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26889"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26889"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-328"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VFRM-87WR-XVJF
Vulnerability from github – Published: 2022-05-14 01:57 – Updated: 2022-05-14 01:57The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled.
{
"affected": [],
"aliases": [
"CVE-2018-6557"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-21T16:29:00Z",
"severity": "HIGH"
},
"details": "The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled.",
"id": "GHSA-vfrm-87wr-xvjf",
"modified": "2022-05-14T01:57:31Z",
"published": "2022-05-14T01:57:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6557"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3748-1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105148"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041530"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VGFH-PPXH-3G5C
Vulnerability from github – Published: 2022-05-03 03:07 – Updated: 2022-05-03 03:07BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device.
{
"affected": [],
"aliases": [
"CVE-2002-0824"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2002-08-12T04:00:00Z",
"severity": "MODERATE"
},
"details": "BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device.",
"id": "GHSA-vgfh-ppxh-3g5c",
"modified": "2022-05-03T03:07:59Z",
"published": "2022-05-03T03:07:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0824"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=102812546815606\u0026w=2"
},
{
"type": "WEB",
"url": "http://www.iss.net/security_center/static/9738.php"
},
{
"type": "WEB",
"url": "http://www.openbsd.org/errata31.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/5355"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VGFW-QWQF-RMVV
Vulnerability from github – Published: 2022-05-01 18:20 – Updated: 2022-05-01 18:20CoolKey 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files in the /tmp/.pk11ipc1/ directory.
{
"affected": [],
"aliases": [
"CVE-2007-4129"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2007-11-08T11:46:00Z",
"severity": "LOW"
},
"details": "CoolKey 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files in the /tmp/.pk11ipc1/ directory.",
"id": "GHSA-vgfw-qwqf-rmvv",
"modified": "2022-05-01T18:20:37Z",
"published": "2022-05-01T18:20:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4129"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=251774"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38330"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11413"
},
{
"type": "WEB",
"url": "http://osvdb.org/40435"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/27591"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0631.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/26369"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VGGF-RH6P-W6XJ
Vulnerability from github – Published: 2022-05-17 02:18 – Updated: 2022-05-17 02:18test-pipe-to-pyodconverter.org.sh in docvert 2.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/outer.odt temporary file.
{
"affected": [],
"aliases": [
"CVE-2008-5147"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-11-18T16:00:00Z",
"severity": "MODERATE"
},
"details": "test-pipe-to-pyodconverter.org.sh in docvert 2.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/outer.odt temporary file.",
"id": "GHSA-vggf-rh6p-w6xj",
"modified": "2022-05-17T02:18:02Z",
"published": "2022-05-17T02:18:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5147"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46713"
},
{
"type": "WEB",
"url": "http://lists.debian.org/debian-devel/2008/08/msg00347.html"
},
{
"type": "WEB",
"url": "http://uvw.ru/report.sid.txt"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/32418"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VGJQ-7PQ9-CVWP
Vulnerability from github – Published: 2026-07-14 00:31 – Updated: 2026-07-14 00:31OpenClaw versions before 2026.6.9 contain a symlink following vulnerability in the mirror sync feature that allows lower-trust callers to perform actions requiring stronger authorization. Attackers can exploit remote symlink parents to bypass policy checks and authorization boundaries when the feature is enabled and reachable.
{
"affected": [],
"aliases": [
"CVE-2026-62189"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-13T22:16:50Z",
"severity": "HIGH"
},
"details": "OpenClaw versions before 2026.6.9 contain a symlink following vulnerability in the mirror sync feature that allows lower-trust callers to perform actions requiring stronger authorization. Attackers can exploit remote symlink parents to bypass policy checks and authorization boundaries when the feature is enabled and reachable.",
"id": "GHSA-vgjq-7pq9-cvwp",
"modified": "2026-07-14T00:31:03Z",
"published": "2026-07-14T00:31:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-m38g-vpwj-mpg9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-62189"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-symlink-following-via-mirror-sync"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-VGR5-M78W-8RC3
Vulnerability from github – Published: 2022-05-17 03:47 – Updated: 2022-05-17 03:47The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3).
{
"affected": [],
"aliases": [
"CVE-2013-7393"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-07-28T19:55:00Z",
"severity": "LOW"
},
"details": "The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3).",
"id": "GHSA-vgr5-m78w-8rc3",
"modified": "2022-05-17T03:47:56Z",
"published": "2022-05-17T03:47:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7393"
},
{
"type": "WEB",
"url": "https://subversion.apache.org/security/CVE-2013-4262-advisory.txt"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VH52-RW4G-55J6
Vulnerability from github – Published: 2025-06-02 06:30 – Updated: 2025-06-02 06:30Bluetooth HCI Adaptor from Realtek has a Link Following vulnerability. Local attackers with regular privileges can create a symbolic link with the same name as a specific file, causing the product to delete arbitrary files pointed to by the link. Subsequently, attackers can leverage arbitrary file deletion to privilege escalation.
{
"affected": [],
"aliases": [
"CVE-2024-11857"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-02T04:15:26Z",
"severity": "HIGH"
},
"details": "Bluetooth HCI Adaptor from Realtek has a Link Following vulnerability. Local attackers with regular privileges can create a symbolic link with the same name as a specific file, causing the product to delete arbitrary files pointed to by the link. Subsequently, attackers can leverage arbitrary file deletion to privilege escalation.",
"id": "GHSA-vh52-rw4g-55j6",
"modified": "2025-06-02T06:30:32Z",
"published": "2025-06-02T06:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11857"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/en/cp-139-10161-fa1b5-2.html"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/tw/cp-132-10160-76012-1.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-48.1
Strategy: Separation of Privilege
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack
An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.
CAPEC-17: Using Malicious Files
An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.