CWE-59 · Improper Link Resolution Before File Access

1542 CVEs classified under CWE-59 (Improper Link Resolution Before File Access).

Top CVEs for CWE-59
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-34078 | Critical | 10.0 | 2026-04-07 | Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can… |
| CVE-2024-37143 | Critical | 10.0 | 2024-12-10 | Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to… |
| CVE-2024-28189 | Critical | 10.0 | 2024-04-18 | Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abu… |
| CVE-2024-28185 | Critical | 10.0 | 2024-04-18 | Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leverage… |
| CVE-2022-22995 | Critical | 10.0 | 2022-03-25 | The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of p… |
| CVE-2026-44881 | Critical | 9.9 | 2026-05-28 | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and… |
| CVE-2026-7374 | Critical | 9.9 | 2026-05-26 | A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to… |
| CVE-2023-6069 | Critical | 9.9 | 2023-11-10 | Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0. |
| CVE-2018-5225 | Critical | 9.9 | 2018-03-22 | In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed v… |
| CVE-2026-50549 | Critical | 9.8 | 2026-06-25 | Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default. Before a Write, the agent can… |
| CVE-2025-66277 | Critical | 9.8 | 2026-02-11 | A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to t… |
| CVE-2025-43220 | Critical | 9.8 | 2025-07-30 | This issue was addressed with improved validation of symlinks. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13… |
| CVE-2025-30457 | Critical | 9.8 | 2025-03-31 | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A maliciou… |
| CVE-2024-48862 | Critical | 9.8 | 2024-11-22 | A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file syst… |
| CVE-2024-6868 | Critical | 9.8 | 2024-10-29 | mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify addit… |
| CVE-2022-34960 | Critical | 9.8 | 2022-08-25 | The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the hos… |
| CVE-2022-26612 | Critical | 9.8 | 2022-04-07 | In Apache Hadoop, the unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may… |
| CVE-2021-21691 | Critical | 9.8 | 2021-11-04 | Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. |
| CVE-2020-27172 | Critical | 9.8 | 2020-12-28 | An issue was discovered in G-Data before 25.5.9.25 using Symbolic links, it is possible to abuse the infected-file restore mechanism to achieve arbitrary write… |
| CVE-2020-9682 | Critical | 9.8 | 2020-07-17 | Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability. Successful exploitation could lead to arbitrary f… |