Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-61 — Vulnerability Class 100

100 vulnerabilities classified as CWE-61. AI Chinese analysis included.

CWE-61 represents a critical input validation weakness where software fails to adequately verify the final destination of a symbolic link during file or directory access operations. Attackers typically exploit this vulnerability by crafting malicious symlinks that point to sensitive system files or directories outside the application’s intended control sphere. When the vulnerable program follows these links, it inadvertently reads, modifies, or deletes unauthorized data, potentially leading to information disclosure, privilege escalation, or denial of service. To mitigate this risk, developers must implement strict path canonicalization and validation mechanisms before processing any file paths. This involves resolving symbolic links to their absolute physical paths and ensuring the resulting target resides within an allowed directory tree. Additionally, using secure file handling APIs that explicitly reject symlink traversal or employing chroot jails can effectively isolate applications from such path manipulation attacks.

MITRE CWE Description
The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files. A product that allows UNIX symbolic links (symlink) as part of paths whether in internal code or through user input can allow an attacker to spoof the symbolic link and traverse the file system to unintended locations or access arbitrary files. The symbolic link can permit an attacker to read/write/corrupt a file that they originally did not have permissions to access.
Common Consequences (1)
Confidentiality, IntegrityRead Files or Directories, Modify Files or Directories
Mitigations (2)
ImplementationSymbolic link attacks often occur when a program creates a tmp directory that stores files/links. Access to the directory should be restricted to the program as to prevent attackers from manipulating the files.
Architecture and DesignFollow the principle of least privilege when assigning access rights to entities in a software system. Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CVE IDTitleCVSSSeverityPublished
CVE-2026-29203 cPanel 安全漏洞 — cPanel 7.8AIHighAI2026-05-08
CVE-2026-42275 zrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/write — zrok 8.7 High2026-05-08
CVE-2026-31893 Tunnelblick arbitrary file read via symlink following in tunnelblickd — Tunnelblick 5.5 -2026-05-05
CVE-2026-7832 IObit Advanced SystemCare Service ASC.exe symlink — Advanced SystemCare 7.0 High2026-05-05
CVE-2026-43570 OpenClaw 2026.3.22 < 2026.4.5 - Symlink Traversal in Remote Marketplace Repository Path Handling — OpenClaw 6.5 Medium2026-05-05
CVE-2026-7397 NousResearch hermes-agent file_tools.py _check_sensitive_path symlink — hermes-agent 4.4 Medium2026-04-29
CVE-2026-41326 Kata Containers: CopyFile Policy Subversion via Symlinks — kata-containers 8.4AIHighAI2026-04-24
CVE-2026-35372 uutils coreutils ln Security Bypass via Improper Handling of the --no-dereference Flag — coreutils 5.0 Medium2026-04-22
CVE-2026-40354 XDG Desktop Portal 安全漏洞 — xdg-desktop-portal 2.9 Low2026-04-11
CVE-2026-21916 Junos OS: A low privileged user can escalate their privileges so that they can login as root — Junos OS 7.3 High2026-04-09
CVE-2026-35632 OpenClaw <= 2026.2.22 - Symlink Traversal via IDENTITY.md appendFile in agents.create/update — OpenClaw 7.1 High2026-04-09
CVE-2026-39860 Nix sandbox escape: file write via symlink at FOD `.tmp` copy destination — nix 9.0 Critical2026-04-08
CVE-2026-35525 LiquidJS has a root restriction bypass for partial and layout loading through symlinked templates — liquidjs 7.5AIHighAI2026-04-08
CVE-2026-34078 Flatpak has a complete sandbox escape leading to host file access and code execution in the host context — flatpak 7.8AIHighAI2026-04-07
CVE-2026-34447 ONNX: External Data Symlink Traversal — onnx 5.5 Medium2026-04-01
CVE-2026-22767 Dell AppSync 安全漏洞 — AppSync 7.3 High2026-04-01
CVE-2026-33711 Incus vulnerable to local privilege escalation through VM screenshot path — incus--2026-03-26
CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks — tar-rs 8.1 -2026-03-20
CVE-2026-24018 Fortinet FortiClientLinux 安全漏洞 — FortiClientLinux 7.4 High2026-03-10
CVE-2026-27976 Zed Extension Sandbox Escape via Tar Symlink Following — zed 8.8 High2026-02-25
CVE-2026-27485 OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection — openclaw 5.5 -2026-02-21
CVE-2026-25724 Claude Code Has Permission Deny Bypass Through Symbolic Links — claude-code 6.5AIMediumAI2026-02-06
CVE-2026-1386 Arbitrary Host File Overwrite via Symlink in Firecracker Jailer — Firecracker 6.0 Medium2026-01-23
CVE-2026-23986 Copier safe template has arbitrary filesystem write access via directory symlinks when _preserve_symlinks: true — copier 7.5AIHighAI2026-01-21
CVE-2026-23968 Copier safe template has arbitrary filesystem read access via symlinks when _preserve_symlinks: false — copier 8.2AIHighAI2026-01-21
CVE-2025-68937 Forgejo 安全漏洞 — Forgejo 8.4AIHighAI2025-12-25
CVE-2025-33225 NVIDIA Resiliency Extension 安全漏洞 — Resiliency Extension 8.4 High2025-12-16
CVE-2025-14693 Ugreen DH2100+ USB symlink — DH2100+ 6.2 Medium2025-12-15
CVE-2025-67487 Static Web Server is vulnerable to symbolic link Path Traversal — static-web-server 8.6AIHighAI2025-12-09
CVE-2025-66431 WebPros Plesk 安全漏洞 — Plesk 7.8 High2025-12-03

Vulnerabilities classified as CWE-61 represent 100 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.