CWE-61 · UNIX Symbolic Link (Symlink) Following
149 CVEs classified under CWE-61 (UNIX Symbolic Link (Symlink) Following).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-39861 | Critical | 10.0 | 2026-04-21 | Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to lo… |
| CVE-2026-34078 | Critical | 10.0 | 2026-04-07 | Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can… |
| CVE-2025-62596 | Critical | 10.0 | 2025-11-06 | Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki's apparmor handling performs insufficiently strict write-target validation, an… |
| CVE-2025-62161 | Critical | 10.0 | 2025-11-06 | Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container e… |
| CVE-2024-28189 | Critical | 10.0 | 2024-04-18 | Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abu… |
| CVE-2024-28185 | Critical | 10.0 | 2024-04-18 | Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leverage… |
| CVE-2025-23394 | Critical | 9.8 | 2025-05-26 | A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root. This issue affects openSUSE Tumb… |
| CVE-2024-54148 | Critical | 9.8 | 2024-12-23 | Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the se… |
| CVE-2024-54661 | Critical | 9.8 | 2024-12-04 | readline.sh in socat before 1.8.0.2 relies on the /tmp/$USER/stderr2 file. |
| CVE-2026-55447 | Critical | 9.6 | 2026-06-23 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling files that are digested into the RAG, an attack… |
| CVE-2026-39860 | Critical | 9.0 | 2026-04-08 | Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix pr… |
| CVE-2026-6475 | High | 8.8 | 2026-05-14 | Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc… |
| CVE-2026-29203 | High | 8.8 | 2026-05-08 | A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories… |
| CVE-2026-27976 | High | 8.8 | 2026-02-26 | Zed, a code editor, has an extension installer that allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor (`async_tar::Archive::unpack`) creates sy… |
| CVE-2025-55345 | High | 8.8 | 2025-08-13 | Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc.) could lead to arbitrary file overwrite and potentially remote code ex… |
| CVE-2024-44132 | High | 8.8 | 2024-09-17 | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox. |
| CVE-2024-22014 | High | 8.8 | 2024-04-15 | An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to A… |
| CVE-2026-42275 | High | 8.7 | 2026-05-08 | zrok is software for sharing web services, files, and network resources. Prior to version 2.0.2, the zrok WebDAV drive backend (davServer.Dir) restricts path t… |
| CVE-2025-67487 | High | 8.6 | 2025-12-09 | Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links (symlinks) w… |
| CVE-2026-54420 | High | 8.5 | 2026-06-14 | LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell acces… |