
CWE-59 Improper Link Resolution Before File Access ('Link Following'): vulnerability list (450)

450 CVE entries classified under the weakness CWE-59 Improper Link Resolution Before File Access ('Link Following'), with AI-generated analysis (Chinese).

CWE-59 is a file-access weakness: the program opens or writes a file by name without verifying what that name actually resolves to. An attacker who can write to a directory the program uses plants a symbolic link, hard link, junction or Windows .LNK shortcut that points at a sensitive resource, so that a more privileged process reads or overwrites a file it never intended to touch. The outcome is information disclosure, file tampering, bypass of a protection mechanism that relies on that file, or privilege escalation. Rejecting user-supplied filenames is not enough on its own: the fully resolved path must be confined to the expected directory, and because a link can be swapped between the check and the open (a check-then-use race), the confinement should be enforced at open time, for example by opening each path component with O_NOFOLLOW relative to a directory descriptor, or on Linux with openat2(2) and RESOLVE_BENEATH or RESOLVE_NO_SYMLINKS, rather than by a separate realpath check alone.

MITRE CWE official description
CWE-59: Improper Link Resolution Before File Access ('Link Following'). Description: The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Common consequences (2)
Scope: Confidentiality, Integrity, Access Control. Impact: Read Files or Directories; Modify Files or Directories; Bypass Protection Mechanism. An attacker may be able to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. If the files are used for a security mechanism then an attacker may be able to bypass the mechanism.
Scope: Other. Impact: Execute Unauthorized Code or Commands. Windows simple shortcuts, sometimes referred to as soft links, can be exploited remotely since a ".LNK" file can be uploaded like a normal file. This can enable remote execution.
Mitigations (1)
Phase: Architecture and Design. Follow the principle of least privilege when assigning access rights to entities in a software system. Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CVE ID | Title | Affected product | CVSS | Risk | Published
--- | --- | --- | --- | --- | ---
CVE-2026-42795 | Hex package exports symlink, allowing files outside the project root to be embedded | Gleam | - | - | 2026-06-02
CVE-2026-40861 | Apache Airflow log link-following arbitrary file read vulnerability | Apache Airflow | - | - | 2026-06-01
CVE-2026-6892 | Canon CUPS Printer Driver security vulnerability | Canon PIXUS iX6800 Series CUPS Printer Driver for macOS | 5.0 | Medium | 2026-05-29
CVE-2026-6891 | Canon My Image Garden security vulnerability | My Image Garden for macOS | 5.0 | Medium | 2026-05-28
CVE-2026-45403 | AnythingLLM link following vulnerability | anything-llm | 2.0 | Low | 2026-05-28
CVE-2026-44881 | Portainer information disclosure vulnerability | portainer | - | - | 2026-05-28
CVE-2026-9804 | Kubevirt link following vulnerability | Red Hat OpenShift Virtualization 4 | 7.7 | High | 2026-05-28
CVE-2026-44711 | pam_usb authorization issue vulnerability | pam_usb | 7.9 | High | 2026-05-27
CVE-2026-7374 | Kubevirt link following vulnerability | Red Hat Container Native Virtualization 4.12 | 9.9 | Critical | 2026-05-26
CVE-2026-42497 | Pear Archive_Tar security vulnerability | Archive::Tar | - | - | 2026-05-26
CVE-2026-42496 | Pear Archive_Tar security vulnerability | Archive::Tar | - | - | 2026-05-26
CVE-2026-40610 | BentoML link following vulnerability | BentoML | 5.5 | Medium | 2026-05-22
CVE-2025-71212 | Trend Micro Apex One link following vulnerability | TrendAI Apex One | 7.8 | High | 2026-05-21
CVE-2026-44051 | Netatalk link following vulnerability | Netatalk | 8.1 | High | 2026-05-21
CVE-2026-42834 | Microsoft Azure Portal Windows Admin Center link following vulnerability | Windows Admin Center in Azure Portal | 7.8 | High | 2026-05-20
CVE-2026-41091 | Microsoft Defender link following vulnerability | Microsoft Malware Protection Engine | 7.8 | High | 2026-05-20
CVE-2026-45539 | APM – Agent Package Manager link following vulnerability | apm | 7.4 | High | 2026-05-15
CVE-2026-44471 | gitoxide link following vulnerability | gitoxide | 7.8 | High | 2026-05-13
CVE-2026-43998 | vm2 link following vulnerability | vm2 | 8.5 | High | 2026-05-13
CVE-2026-44470 | Claude Code link following vulnerability | claude-code | - | - | 2026-05-13
CVE-2026-44220 | ciguard link following vulnerability | ciguard | 3.2 | Low | 2026-05-12
CVE-2026-8052 | HashiCorp Nomad link following vulnerability | Shared library | 6.0 | Medium | 2026-05-12
CVE-2026-6959 | HashiCorp Nomad and HashiCorp Nomad Enterprise link following vulnerability | Nomad | 6.0 | Medium | 2026-05-12
CVE-2026-5061 | HashiCorp Tooling link following vulnerability | Tooling | 4.7 | Medium | 2026-05-12
CVE-2021-47949 | CyberPanel link following vulnerability | CyberPanel | 8.8 | High | 2026-05-10
CVE-2026-41882 | JetBrains IntelliJ IDEA link following vulnerability | IntelliJ IDEA | 7.4 | High | 2026-04-30
CVE-2026-27105 | Dell Alienware Purchased Apps link following vulnerability | Dell/Alienware Purchased Apps | 6.3 | Medium | 2026-04-29
CVE-2026-5161 | TÜBİTAK BİLGEM Pardus About link following vulnerability | Pardus About | 8.8 | High | 2026-04-29
CVE-2026-41397 | OpenClaw link following vulnerability | OpenClaw | 6.8 | Medium | 2026-04-28
CVE-2026-40977 | VMware Spring Boot link following vulnerability | Spring Boot | 4.7 | Medium | 2026-04-27

CWE-59 (Improper Link Resolution Before File Access ('Link Following')) is a common weakness category; this platform indexes 450 CVE entries associated with it.