Description
The product opens a file or directory, but it does not properly prevent the name from being associated with a junction or mount point to a destination that is outside of the intended control sphere.
CVE vulnerabilities with CWE-1386 (15)
8.8
CVSS
HIGH
CVE-2025-58074
pub. 2026-05-04
8.5
CVSS
HIGH
CVE-2024-7400
pub. 2024-09-27
8.2
CVSS
HIGH
CVE-2022-42291
pub. 2023-02-07
6.7
CVSS
MEDIUM
CVE-2023-28065
pub. 2023-06-23
6.6
CVSS
MEDIUM
CVE-2024-36340
pub. 2025-05-13
6.6
CVSS
MEDIUM
CVE-2023-32474
pub. 2024-02-06
6.3
CVSS
MEDIUM
CVE-2026-41116
pub. 2026-06-09
6.3
CVSS
MEDIUM
CVE-2023-32454
pub. 2024-02-06
6.3
CVSS
MEDIUM
CVE-2023-28071
pub. 2023-06-23
6.2
CVSS
MEDIUM
CVE-2023-40623
pub. 2023-09-12
5.5
CVSS
MEDIUM
CVE-2023-23698
pub. 2023-02-10
5.0
CVSS
MEDIUM
CVE-2023-32470
pub. 2023-09-08
4.7
CVSS
MEDIUM
CVE-2023-23697
pub. 2023-02-13
4.7
CVSS
MEDIUM
CVE-2023-24572
pub. 2023-02-13
3.8
CVSS
LOW
CVE-2023-5834
pub. 2023-10-27