Total: 1434 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2026-33748 | | | 2026-03-30 | N/A | N/A | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem. The issue has been fixed in version v0.28.1. The issue affects only builds that use Git URLs with a subpath component. As a workaround, avoid building Dockerfiles from untrusted sources or using the subdir component from an untrusted Git repository where the subdir component could point to a symlink. |
| CVE-2026-20694 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-03-26 | N/A | 5.5 MEDIUM | This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data. |
| CVE-2026-28866 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-03-25 | N/A | 6.2 MEDIUM | This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data. |
| CVE-2026-20633 | 1 Apple | 1 Macos | 2026-03-25 | N/A | 5.5 MEDIUM | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access user-sensitive data. |
| CVE-2026-32054 | 1 Openclaw | 1 Openclaw | 2026-03-24 | N/A | 6.5 MEDIUM | OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks to route file writes outside the intended temp directory, enabling arbitrary file overwrite on the affected system. |
| CVE-2026-32013 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 8.8 HIGH | OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted files to access arbitrary host files within gateway process permissions, potentially enabling code execution through file overwrite attacks. |
| CVE-2026-32020 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 3.3 LOW | OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads. Attackers can place symlinks under the Control UI root directory to bypass directory confinement checks and read arbitrary files outside the intended root. |
| CVE-2026-32024 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 5.5 MEDIUM | OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attackers can exploit this by requesting avatar resources through gateway surfaces to disclose local files accessible to the OpenClaw process. |
| CVE-2026-22180 | 1 Openclaw | 1 Openclaw | 2026-03-20 | N/A | 5.3 MEDIUM | OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape root-bound restrictions and write files to arbitrary locations. |
| CVE-2026-33001 | 1 Jenkins | 1 Jenkins | 2026-03-20 | N/A | 8.8 HIGH | Jenkins 2.554 and earlier, LTS 2.541.2 and earlier does not safely handle symbolic links during the extraction of .tar and .tar.gz archives, allowing crafted archives to write files to arbitrary locations on the filesystem, restricted only by file system access permissions of the user running Jenkins. This can be exploited to deploy malicious scripts or plugins on the controller by attackers with Item/Configure permission, or able to control agent processes. |
| CVE-2026-31990 | 1 Openclaw | 1 Openclaw | 2026-03-19 | N/A | 6.1 MEDIUM | OpenClaw versions prior to 2026.3.2 contain a vulnerability in the stageSandboxMedia function, which fails to validate destination symlinks during media staging, allowing writes to follow symlinks outside the sandbox workspace. Attackers can exploit this by placing symlinks in the media/inbound directory to overwrite arbitrary files on the host system outside sandbox boundaries. |
| CVE-2026-31979 | 1 Himmelblau-idm | 1 Himmelblau | 2026-03-16 | N/A | 8.8 HIGH | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc_<uid> without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the tasks daemon's systemd hardening, exposing it to the host /tmp. A local user can exploit this via symlink attacks to chown or overwrite arbitrary files, achieving local privilege escalation. This vulnerability is fixed in 3.1.0 and 2.3.8. |
| CVE-2026-31894 | 1 Wegia | 1 Wegia | 2026-03-13 | N/A | 7.5 HIGH | WeGIA is a web manager for charitable institutions. In 3.6.5, the patched loadBackupDB() extracts tar.gz archives to a temporary directory using PHP's PharData class, then uses glob() and file_get_contents() to read SQL files from the extracted contents. Neither the extraction nor the file reading validates whether archive members are symbolic links. This vulnerability is fixed in 3.6.6. |
| CVE-2026-25187 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-03-13 | N/A | 7.8 HIGH | Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally. |
| CVE-2026-27748 | 1 Avira | 1 Internet Security | 2026-03-13 | N/A | 7.8 HIGH | Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\ProgramData without validating whether the path resolves through a symbolic link or reparse point. A local attacker can create a malicious link to redirect the delete operation to an arbitrary file, resulting in deletion of attacker-chosen files with SYSTEM privileges. This may lead to local privilege escalation, denial of service, or system integrity compromise depending on the targeted file and operating system configuration. |
| CVE-2026-2808 | | | 2026-03-12 | N/A | 6.8 MEDIUM | HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5. |
| CVE-2026-28689 | 1 Imagemagick | 1 Imagemagick | 2026-03-12 | N/A | 6.3 MEDIUM | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before the final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41. |
| CVE-2026-29786 | 1 Isaacs | 1 Tar | 2026-03-11 | N/A | 6.3 MEDIUM | node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This issue has been patched in version 7.5.10. |
| CVE-2025-15318 | 1 Tanium | 1 End-user Notifications | 2026-03-09 | N/A | 5.5 MEDIUM | Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools. |
| CVE-2025-15319 | 1 Tanium | 1 Patch Endpoint Tools | 2026-03-09 | N/A | 7.8 HIGH | Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools. |
