CWE•Base•Draft•20 recent CVEs
CWE-59Improper Link Resolution Before File Access ('Link Following')
Description
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Common consequences
- Confidentiality,Integrity,Access Control→Read Files or Directories,Modify Files or Directories,Bypass Protection MechanismAn attacker may be able to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. If the files are used for a security mechanism then an attacker may be able to bypass the mechanism.
- Other→Execute Unauthorized Code or CommandsWindows simple shortcuts, sometimes referred to as soft links, can be exploited remotely since a ".LNK" file can be uploaded like a normal file. This can enable remote execution.
Potential mitigations
- Architecture and Design[object Object]
Related CWEs
Recent CVEs classified under this CWE
CVE-2026-113226.52026-06-04CVE-2026-412368.82026-06-04CVE-2026-427952026-06-02CVE-2026-491357.12026-06-01CVE-2026-408616.52026-06-01CVE-2026-68925.02026-05-29CVE-2026-68915.02026-05-29CVE-2026-454032.02026-05-28CVE-2026-448819.92026-05-28CVE-2026-98047.72026-05-28CVE-2026-447117.92026-05-27CVE-2026-489217.52026-05-27CVE-2026-486935.52026-05-26CVE-2026-73749.92026-05-26CVE-2026-424977.52026-05-26CVE-2026-424969.12026-05-26CVE-2026-406105.52026-05-22CVE-2025-712127.82026-05-21CVE-2026-440518.12026-05-21CVE-2026-428347.82026-05-20