Symlink

CVE-2026-46185 is an out-of-bounds read vulnerability in the SMB client component within the symlink_data() function, potentially leading to information disclosure or denial of service.

CVE-2026-7374 allows an authenticated OpenShift user with edit permissions in a single namespace to escalate privileges to full cluster control by exploiting improper symlink validation in KubeVirt's virt-handler component when connecting to VM console sockets.

A vulnerability in the `apm-cli` tool allows a malicious APM package to include symlinks that, when installed, can lead to file-content disclosure, by dereferencing symlinks under `.apm/prompts/` and `.apm/agents/` during `apm install`, and copying host-local file contents into the project tree.

Portainer is vulnerable to an arbitrary file read vulnerability due to Git symlink injection when deploying stacks from Git repositories, allowing authenticated users to read sensitive files accessible to the Portainer process.

PraisonAI versions 2.7.2 through 4.6.35 are vulnerable to an arbitrary file write due to improper validation of symlinks during archive extraction, affecting `recipe pull`, `recipe publish`, and `recipe unpack` flows.

CyberPanel version 2.1 is vulnerable to command execution (CVE-2021-47949) where an authenticated attacker can exploit symlink attacks via the filemanager controller endpoint by manipulating the completeStartingPath parameter in POST requests, leading to sensitive file access and arbitrary shell command execution.

A vulnerability in gix and gitoxide allows a malicious repository to use a symlinked `.gitmodules` file pointing outside the repository, leading to the parsing of arbitrary, attacker-controlled submodule configurations and potential manipulation of downstream git operations.

IObit Advanced SystemCare 19 is vulnerable to a local symlink following attack due to improper handling in ASC.exe, potentially allowing a local attacker to escalate privileges.

CVE-2025-68146 describes a Time-of-Check Time-of-Use (TOCTOU) race condition vulnerability in the filelock library that could allow for symlink attacks during lock file creation, potentially leading to unauthorized file access or modification.

OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write arbitrary files by uploading a malicious tar archive containing symlinks, leading to arbitrary file write on the remote host.

A vulnerability in the `compressing` npm package (<=v2.1.0) allows for arbitrary file overwrite via symlink path traversal, bypassing a previous patch for CVE-2026-24884.

Dell AppSync version 4.6.0 is vulnerable to a UNIX Symbolic Link (Symlink) Following vulnerability (CVE-2026-22767) that allows a low-privileged local attacker to tamper with information.

RegPwnBOF exploits a registry symlink race condition in the Windows Accessibility ATConfig mechanism, enabling a normal user to write arbitrary values to protected HKLM registry keys for persistence and privilege escalation.

A vulnerability in rust's gix-fs library (<= 0.21.0) allows a malicious actor to construct a tree that, when checked out with gitoxide, permits writing an attacker-controlled symlink into any existing directory the user has write access to, potentially leading to code execution.

A vulnerability exists in vm2 version 3.10.5 where NodeVM's `require.root` path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context, leading to remote code execution.

An oversight in the CopyFile policy in Kata Containers allows untrusted hosts to write to arbitrary locations inside the guest workload image via symlinks, enabling binary overwrites and data exfiltration.

A time-of-check/time-of-use (TOCTOU) race condition in OpenClaw versions 2026.4.21 and earlier allows a symlink swap to redirect filesystem writes outside the intended sandbox mount root, potentially leading to arbitrary file modification.

A symlink-following path traversal vulnerability exists in apko versions prior to 1.2.5 allowing a malicious .apk file to create a symbolic link pointing outside the build root and subsequently modify files on the host system.