Description
The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
Extended Description
A product that allows UNIX symbolic links (symlink) as part of paths whether in internal code or through user input can allow an attacker to spoof the symbolic link and traverse the file system to unintended locations or access arbitrary files. The symbolic link can permit an attacker to read/write/corrupt a file that they originally did not have permissions to access.
CVE vulnerabilities with CWE-61 (151)
10.0
CVSS
CRITICAL
CVE-2024-28185
pub. 2024-04-18
10.0
CVSS
CRITICAL
CVE-2024-28189
pub. 2024-04-18
9.8
CVSS
CRITICAL
CVE-2025-23394
pub. 2025-05-26
9.8
CVSS
CRITICAL
CVE-2024-54661
pub. 2024-12-04
9.6
CVSS
CRITICAL
CVE-2026-55447
pub. 2026-06-23
9.5
CVSS
CRITICAL
CVE-2025-68937
pub. 2025-12-26
9.3
CVSS
CRITICAL
CVE-2026-34078
pub. 2026-04-07
9.0
CVSS
CRITICAL
CVE-2026-52811
pub. 2026-06-24
9.0
CVSS
CRITICAL
CVE-2026-39860
pub. 2026-04-08
8.8
CVSS
HIGH
CVE-2026-6475
pub. 2026-05-14
8.8
CVSS
HIGH
CVE-2026-27976
pub. 2026-02-26
8.8
CVSS
HIGH
CVE-2025-55345
pub. 2025-08-13
8.8
CVSS
HIGH
CVE-2024-44132
pub. 2024-09-17
8.8
CVSS
HIGH
CVE-2024-22014
pub. 2024-04-15
8.7
CVSS
HIGH
CVE-2026-42275
pub. 2026-05-08
8.7
CVSS
HIGH
CVE-2026-27489
pub. 2026-04-01
8.7
CVSS
HIGH
CVE-2025-59343
pub. 2025-09-24
8.7
CVSS
HIGH
CVE-2025-57802
pub. 2025-08-25
8.7
CVSS
HIGH
CVE-2024-54148
pub. 2024-12-23
8.6
CVSS
HIGH
CVE-2026-56876
pub. 2026-06-26
Showing 20 of 151 vulnerabilities