Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-1386 — Vulnerability Class 14

14 vulnerabilities classified as CWE-1386. AI Chinese analysis included.

CWE-1386 represents a path traversal vulnerability where software fails to validate whether a file or directory path resolves to a Windows junction or mount point outside its intended control sphere. Attackers typically exploit this by creating malicious symbolic links that redirect access to sensitive system files or unauthorized directories. When the application opens the specified path without verifying the underlying physical location, it inadvertently performs read, write, or delete operations on these external resources, potentially leading to data theft, corruption, or privilege escalation. To mitigate this risk, developers must implement strict path canonicalization and validation routines before processing any file operations. This includes checking for junction points, ensuring paths remain within allowed boundaries, and utilizing secure API functions that explicitly handle symbolic link resolution, thereby preventing unintended access to restricted areas of the file system.

MITRE CWE Description
The product opens a file or directory, but it does not properly prevent the name from being associated with a junction or mount point to a destination that is outside of the intended control sphere. Depending on the intended action being performed, this could allow an attacker to cause the product to read, write, delete, or otherwise operate on unauthorized files. In Windows, NTFS5 allows for file system objects called reparse points. Applications can create a hard link from one directory to another directory, called a junction point. They can also create a mapping from a directory to a drive letter, called a mount point. If a file is used by a privileged program, but it can be replaced with a hard link to a sensitive file (e.g., AUTOEXEC.BAT), an attacker could escalate privileges. When the process opens the file, the attacker can assume the privileges of that process, tricking the privileged process to read, modify, or delete the sensitive file, preventing the program from accurately processing data. Note that one can also point to registries and semaphores.
Common Consequences (3)
ConfidentialityRead Files or Directories
Read arbitrary files by replacing a user-controlled folder with a mount point and additional hard links.
IntegrityModify Files or Directories
Modify an arbitrary file by replacing the rollback files in installer directories, as they can have the installer execute those rollbacks.
AvailabilityModify Files or Directories
Even if there is no control of contents, an arbitrary file delete or overwrite (when running as SYSTEM or admin) can be used for a permanent system denial-of-service, e.g. by deleting a startup configuration file that prevents the service from starting.
Mitigations (1)
Architecture and DesignWhen designing software that will have different rights than the executer, the software should check that files that it is interacting with are not improper hard links or mount points. One way to do this in Windows is to use the functionality embedded in the following command: "dir /al /s /b" or, in PowerShell, use LinkType as a filter. In addition, some software uses authentication via signing t…
CVE IDTitleCVSSSeverityPublished
CVE-2025-58074 Gen Digital Norton Secure VPN 安全漏洞 — Norton Secure VPN 8.8 High2026-05-04
CVE-2024-36340 AMD uProf 安全漏洞 — AMD μProf 6.6 Medium2025-05-13
CVE-2024-7400 Local privilege escalation in ESET products for Windows — ESET NOD32 Antivirus 7.1AIHighAI2024-09-27
CVE-2023-32454 Dell Update Package(DUP)Framework 后置链接漏洞 — DUP Framework 6.3 Medium2024-02-06
CVE-2023-32474 Dell Display Manager 后置链接漏洞 — Dell Display Manager 6.6 Medium2024-02-06
CVE-2023-5834 Vagrant’s Windows Installer Allowed Directory Junction Write — Vagrant 3.8 Low2023-10-27
CVE-2023-40623 Arbitrary File Delete via Directory Junction in SAP BusinessObjects Suite(installer) — SAP BusinessObjects Suite (Installer) 6.2 Medium2023-09-12
CVE-2023-32470 Dell Digital Delivery 安全漏洞 — Dell Digital Delivery 5.0 Medium2023-09-08
CVE-2023-28065 部分Dell产品 后置链接漏洞 — Dell Command Update (DCU) 6.7 Medium2023-06-23
CVE-2023-28071 Dell Command Update 后置链接漏洞 — Dell Command Update (DCU) 6.3 Medium2023-06-23
CVE-2023-23697 Dell Command | Intel vPro Out of Band 后置链接漏洞 — Dell Command Update (DCU) 4.7 Medium2023-02-13
CVE-2023-24572 Dell Command Integration Suite for System Center 后置链接漏洞 — Dell Command Integration Suite for System Center (DCIS) 4.7 Medium2023-02-13
CVE-2023-23698 多款Dell产品 安全漏洞 — Dell Command Update (DCU) 5.5 Medium2023-02-10
CVE-2022-42291 NVIDIA GeForce Experience 后置链接漏洞 — GeForce Experience 8.2 High2023-02-07

Vulnerabilities classified as CWE-1386 represent 14 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.