CWE-61 · UNIX Symbolic Link (Symlink) Following

149 CVEs classified under CWE-61 (UNIX Symbolic Link (Symlink) Following). Browse by severity and year.

Top CVEs for CWE-61
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-39861 | Critical | 10.0 | 2026-04-21 | Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to lo… |
| CVE-2026-34078 | Critical | 10.0 | 2026-04-07 | Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can… |
| CVE-2025-62596 | Critical | 10.0 | 2025-11-06 | Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s apparmor handling performs insufficiently strict write-target validation, an… |
| CVE-2025-62161 | Critical | 10.0 | 2025-11-06 | Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container e… |
| CVE-2024-28189 | Critical | 10.0 | 2024-04-18 | Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abu… |
| CVE-2024-28185 | Critical | 10.0 | 2024-04-18 | Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leverage… |
| CVE-2025-23394 | Critical | 9.8 | 2025-05-26 | A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root. This issue affects openSUSE Tumb… |
| CVE-2024-54148 | Critical | 9.8 | 2024-12-23 | Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the se… |
| CVE-2024-54661 | Critical | 9.8 | 2024-12-04 | readline.sh in socat before 1.8.0.2 relies on the /tmp/$USER/stderr2 file. |
| CVE-2026-55447 | Critical | 9.6 | 2026-06-23 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling files that are digested into the RAG, an attack… |
| CVE-2026-39860 | Critical | 9.0 | 2026-04-08 | Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix pr… |
| CVE-2026-6475 | High | 8.8 | 2026-05-14 | Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc… |
| CVE-2026-29203 | High | 8.8 | 2026-05-08 | A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories… |
| CVE-2026-27976 | High | 8.8 | 2026-02-26 | Zed, a code editor, has an extension installer that allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor (`async_tar::Archive::unpack`) creates sy… |
| CVE-2025-55345 | High | 8.8 | 2025-08-13 | Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc.) could lead to arbitrary file overwrite and potentially remote code ex… |
| CVE-2024-44132 | High | 8.8 | 2024-09-17 | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox. |
| CVE-2024-22014 | High | 8.8 | 2024-04-15 | An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to A… |
| CVE-2026-42275 | High | 8.7 | 2026-05-08 | zrok is software for sharing web services, files, and network resources. Prior to version 2.0.2, the zrok WebDAV drive backend (davServer.Dir) restricts path t… |
| CVE-2025-67487 | High | 8.6 | 2025-12-09 | Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links (symlinks) w… |
| CVE-2026-54420 | High | 8.5 | 2026-06-14 | LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell acces… |