CWE-61
UNIX Symbolic Link (Symlink) Following
The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
CVE-2026-14699 (GCVE-0-2026-14699)
Vulnerability from cvelistv5 – Published: 2026-07-05 03:15 – Updated: 2026-07-06 16:21| URL | Tags |
|---|---|
| https://vuldb.com/vuln/376295 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/376295/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-14699 | third-party-advisory |
| https://vuldb.com/submit/846864 | third-party-advisory |
| https://github.com/zcaceres/markdownify-mcp/issues/108 | issue-tracking |
| https://github.com/zcaceres/markdownify-mcp/pull/109 | issue-trackingpatch |
| https://github.com/zcaceres/markdownify-mcp/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| zcaceres | markdownify-mcp |
Affected:
1.0
Affected: 1.1.0 cpe:2.3:a:zcaceres:markdownify-mcp:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T16:20:52.255822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T16:21:02.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:zcaceres:markdownify-mcp:*:*:*:*:*:*:*:*"
],
"product": "markdownify-mcp",
"vendor": "zcaceres",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dem000000 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits acceptance."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N/E:ND/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "Symlink Following",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Link Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-05T03:15:08.112Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-376295 | zcaceres markdownify-mcp Markdownify.ts assertPathAllowed symlink",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/376295"
},
{
"name": "VDB-376295 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/376295/cti"
},
{
"name": "CVE-2026-14699 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-14699"
},
{
"name": "Submit #846864 | zcaceres markdownify-mcp / mcp-markdownify-server up to 1.1.0 CWE-59: Improper Link Resolution Before File Access (\u0027Link Follo",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/846864"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/zcaceres/markdownify-mcp/issues/108"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/zcaceres/markdownify-mcp/pull/109"
},
{
"tags": [
"product"
],
"url": "https://github.com/zcaceres/markdownify-mcp/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-04T07:27:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "zcaceres markdownify-mcp Markdownify.ts assertPathAllowed symlink"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-14699",
"datePublished": "2026-07-05T03:15:08.112Z",
"dateReserved": "2026-07-04T05:22:43.104Z",
"dateUpdated": "2026-07-06T16:21:02.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21916 (GCVE-0-2026-21916)
Vulnerability from cvelistv5 – Published: 2026-04-09 21:28 – Updated: 2026-04-13 13:04- CWE-61 - UNIX Symbolic Link (Symlink) Following
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA107807 | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 23.2R2-S7
(semver)
Affected: 23.4 , < 23.4R2-S6 (semver) Affected: 24.2 , < 24.2R2-S3 (semver) Affected: 24.4 , < 24.4R2-S2 (semver) Affected: 25.2 , < 25.2R2 (semver) Unaffected: 25.4R1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21916",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T03:56:11.604149Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:04:16.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "23.2R2-S7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S6",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2-S3",
"status": "affected",
"version": "24.2",
"versionType": "semver"
},
{
"lessThan": "24.4R2-S2",
"status": "affected",
"version": "24.4",
"versionType": "semver"
},
{
"lessThan": "25.2R2",
"status": "affected",
"version": "25.2",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "25.4R1"
}
]
}
],
"datePublic": "2026-04-08T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system.\u003cbr\u003e\u003cbr\u003eWhen after a user has performed a specific \u0027file link ...\u0027 CLI operation, another user commits (unrelated configuration changes), the first user can login as root.\u003cbr\u003e\u003cbr\u003eThis issue affects Junos OS:\u003cbr\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S7,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S6,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S3,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S2,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R2.\u003c/li\u003e\u003c/ul\u003eThis issue does not affect versions 25.4R1 or later."
}
],
"value": "A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system.\n\nWhen after a user has performed a specific \u0027file link ...\u0027 CLI operation, another user commits (unrelated configuration changes), the first user can login as root.\n\nThis issue affects Junos OS:\n * all versions before 23.2R2-S7,\n * 23.4 versions before 23.4R2-S6,\n * 24.2 versions before 24.2R2-S3,\n * 24.4 versions before 24.4R2-S2,\n * 25.2 versions before 25.2R2.\n\n\nThis issue does not affect versions 25.4R1 or later."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T21:28:05.552Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA107807"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 23.2R2-S7, 23.4R2-S6, 24.2R2-S3, 24.4R2-S2, 25.2R2, and all subsequent releases.\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: 23.2R2-S7, 23.4R2-S6, 24.2R2-S3, 24.4R2-S2, 25.2R2, and all subsequent releases."
}
],
"source": {
"advisory": "JSA107807",
"defect": [
"1865633"
],
"discovery": "EXTERNAL"
},
"title": "Junos OS: A low privileged user can escalate their privileges so that they can login as root",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To prevent exploitation, use access controls to keep users from performing \u0027file link\u0027 operations."
}
],
"value": "To prevent exploitation, use access controls to keep users from performing \u0027file link\u0027 operations."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2026-21916",
"datePublished": "2026-04-09T21:28:05.552Z",
"dateReserved": "2026-01-05T17:32:48.711Z",
"dateUpdated": "2026-04-13T13:04:16.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22767 (GCVE-0-2026-22767)
Vulnerability from cvelistv5 – Published: 2026-04-01 12:07 – Updated: 2026-04-01 19:04- CWE-61 - UNIX Symbolic Link (Symlink) Following
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00044696… | vendor-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T19:04:16.956356Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T19:04:27.520Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AppSync",
"vendor": "Dell",
"versions": [
{
"lessThan": "4.6.1.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell would like to thank falconCorrup for reporting this issue."
}
],
"datePublic": "2026-04-01T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering."
}
],
"value": "Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T12:24:41.046Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000446965/dsa-2026-163-security-update-for-dell-appsync-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2026-22767",
"datePublished": "2026-04-01T12:07:50.386Z",
"dateReserved": "2026-01-09T18:05:08.764Z",
"dateUpdated": "2026-04-01T19:04:27.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23968 (GCVE-0-2026-23968)
Vulnerability from cvelistv5 – Published: 2026-01-21 22:13 – Updated: 2026-01-22 16:49- CWE-61 - UNIX Symbolic Link (Symlink) Following
| URL | Tags |
|---|---|
| https://github.com/copier-org/copier/security/adv… | x_refsource_CONFIRM |
| https://github.com/copier-org/copier/commit/b3a7b… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| copier-org | copier |
Affected:
< 9.11.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23968",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T15:09:28.359725Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T16:49:32.054Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "copier",
"vendor": "copier-org",
"versions": [
{
"status": "affected",
"version": "\u003c 9.11.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Copier is a library and CLI app for rendering project templates. Prior to version 9.11.2, Copier suggests that it\u0027s safe to generate a project from a safe template, i.e. one that doesn\u0027t use unsafe features like custom Jinja extensions which would require passing the `--UNSAFE,--trust` flag. As it turns out, a safe template can currently include arbitrary files/directories outside the local template clone location by using symlinks along with `_preserve_symlinks: false` (which is Copier\u0027s default setting). Version 9.11.2 patches the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T22:13:25.377Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/copier-org/copier/security/advisories/GHSA-xjhm-gp88-8pfx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/copier-org/copier/security/advisories/GHSA-xjhm-gp88-8pfx"
},
{
"name": "https://github.com/copier-org/copier/commit/b3a7b3772d17cf0e7a4481978188c9f536c8d8f6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/copier-org/copier/commit/b3a7b3772d17cf0e7a4481978188c9f536c8d8f6"
}
],
"source": {
"advisory": "GHSA-xjhm-gp88-8pfx",
"discovery": "UNKNOWN"
},
"title": "Copier safe template has arbitrary filesystem read access via symlinks when _preserve_symlinks: false"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23968",
"datePublished": "2026-01-21T22:13:25.377Z",
"dateReserved": "2026-01-19T14:49:06.314Z",
"dateUpdated": "2026-01-22T16:49:32.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23986 (GCVE-0-2026-23986)
Vulnerability from cvelistv5 – Published: 2026-01-21 22:20 – Updated: 2026-01-22 16:49- CWE-61 - UNIX Symbolic Link (Symlink) Following
| URL | Tags |
|---|---|
| https://github.com/copier-org/copier/security/adv… | x_refsource_CONFIRM |
| https://github.com/copier-org/copier/commit/b3a7b… | x_refsource_MISC |
| https://github.com/copier-org/copier/releases/tag… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| copier-org | copier |
Affected:
< 9.11.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23986",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T15:10:50.987653Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T16:49:26.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "copier",
"vendor": "copier-org",
"versions": [
{
"status": "affected",
"version": "\u003c 9.11.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Copier is a library and CLI app for rendering project templates. Prior to version 9.11.2, Copier suggests that it\u0027s safe to generate a project from a safe template, i.e. one that doesn\u0027t use unsafe features like custom Jinja extensions which would require passing the `--UNSAFE,--trust` flag. As it turns out, a safe template can currently write to arbitrary directories outside the destination path by using directory a symlink along with `_preserve_symlinks: true` and a generated directory structure whose rendered path is inside the symlinked directory. This way, a malicious template author can create a template that overwrites arbitrary files (according to the user\u0027s write permissions), e.g., to cause havoc. Version 9.11.2 patches the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T22:20:37.720Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/copier-org/copier/security/advisories/GHSA-4fqp-r85r-hxqh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/copier-org/copier/security/advisories/GHSA-4fqp-r85r-hxqh"
},
{
"name": "https://github.com/copier-org/copier/commit/b3a7b3772d17cf0e7a4481978188c9f536c8d8f6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/copier-org/copier/commit/b3a7b3772d17cf0e7a4481978188c9f536c8d8f6"
},
{
"name": "https://github.com/copier-org/copier/releases/tag/v9.11.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/copier-org/copier/releases/tag/v9.11.2"
}
],
"source": {
"advisory": "GHSA-4fqp-r85r-hxqh",
"discovery": "UNKNOWN"
},
"title": "Copier safe template has arbitrary filesystem write access via directory symlinks when _preserve_symlinks: true"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23986",
"datePublished": "2026-01-21T22:20:37.720Z",
"dateReserved": "2026-01-19T18:49:20.656Z",
"dateUpdated": "2026-01-22T16:49:26.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24018 (GCVE-0-2026-24018)
Vulnerability from cvelistv5 – Published: 2026-03-10 16:44 – Updated: 2026-03-11 13:08- CWE-61 - Escalation of privilege
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiClientLinux |
Affected:
7.4.0 , ≤ 7.4.4
(semver)
Affected: 7.2.2 , ≤ 7.2.12 (semver) cpe:2.3:a:fortinet:forticlientlinux:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientlinux:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientlinux:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientlinux:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientlinux:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientlinux:7.2.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientlinux:7.2.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientlinux:7.2.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientlinux:7.2.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientlinux:7.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientlinux:7.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientlinux:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientlinux:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientlinux:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientlinux:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientlinux:7.2.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24018",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T03:56:55.161799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T13:08:18.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:forticlientlinux:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientlinux:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientlinux:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientlinux:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientlinux:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientlinux:7.2.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientlinux:7.2.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientlinux:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientlinux:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientlinux:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientlinux:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientlinux:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientlinux:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientlinux:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientlinux:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientlinux:7.2.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiClientLinux",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.4",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.12",
"status": "affected",
"version": "7.2.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T16:44:14.285Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-083",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-083"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to upcoming FortiClientLinux version 8.0.0 or above\nUpgrade to FortiClientLinux version 7.4.5 or above\nUpgrade to FortiClientLinux version 7.2.13 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-24018",
"datePublished": "2026-03-10T16:44:14.285Z",
"dateReserved": "2026-01-20T11:13:10.549Z",
"dateUpdated": "2026-03-11T13:08:18.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24047 (GCVE-0-2026-24047)
Vulnerability from cvelistv5 – Published: 2026-01-21 22:45 – Updated: 2026-01-22 16:49| URL | Tags |
|---|---|
| https://github.com/backstage/backstage/security/a… | x_refsource_CONFIRM |
| https://github.com/backstage/backstage/commit/ae4… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24047",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T15:09:18.960475Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T16:49:06.720Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "backstage",
"vendor": "backstage",
"versions": [
{
"status": "affected",
"version": "\u003c 0.1.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the `resolveSafeChildPath` utility function in `@backstage/backend-plugin-api`, which is used to prevent path traversal attacks, failed to properly validate symlink chains and dangling symlinks. An attacker could bypass the path validation via symlink chains (creating `link1 \u2192 link2 \u2192 /outside` where intermediate symlinks eventually resolve outside the allowed directory) and dangling symlinks (creating symlinks pointing to non-existent paths outside the base directory, which would later be created during file operations). This function is used by Scaffolder actions and other backend components to ensure file operations stay within designated directories. This vulnerability is fixed in `@backstage/backend-plugin-api` version 0.1.17. Users should upgrade to this version or later. Some workarounds are available. Run Backstage in a containerized environment with limited filesystem access and/or restrict template creation to trusted users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T22:45:06.956Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/backstage/backstage/security/advisories/GHSA-2p49-45hj-7mc9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/backstage/backstage/security/advisories/GHSA-2p49-45hj-7mc9"
},
{
"name": "https://github.com/backstage/backstage/commit/ae4dd5d1572a4f639e1a466fd982656b50f8e692",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/backstage/backstage/commit/ae4dd5d1572a4f639e1a466fd982656b50f8e692"
}
],
"source": {
"advisory": "GHSA-2p49-45hj-7mc9",
"discovery": "UNKNOWN"
},
"title": "@backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24047",
"datePublished": "2026-01-21T22:45:06.956Z",
"dateReserved": "2026-01-20T22:30:11.778Z",
"dateUpdated": "2026-01-22T16:49:06.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25724 (GCVE-0-2026-25724)
Vulnerability from cvelistv5 – Published: 2026-02-06 17:53 – Updated: 2026-03-27 21:11| URL | Tags |
|---|---|
| https://github.com/anthropics/claude-code/securit… | x_refsource_CONFIRM |
| https://www.terra.security/blog/when-ai-becomes-t… |
| Vendor | Product | Version | |
|---|---|---|---|
| anthropics | claude-code |
Affected:
< 2.1.7
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25724",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:23:19.264170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:23:48.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-03-27T21:11:36.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.terra.security/blog/when-ai-becomes-the-attack-surface-lessons-from-discovering-cve-2026-25724"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "claude-code",
"vendor": "anthropics",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file (such as /etc/passwd) and Claude Code had access to a symbolic link pointing to that file, it was possible for Claude Code to read the restricted file through the symlink without triggering deny rule enforcement. This issue has been patched in version 2.1.7."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T17:53:16.004Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/anthropics/claude-code/security/advisories/GHSA-4q92-rfm6-2cqx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/anthropics/claude-code/security/advisories/GHSA-4q92-rfm6-2cqx"
}
],
"source": {
"advisory": "GHSA-4q92-rfm6-2cqx",
"discovery": "UNKNOWN"
},
"title": "Claude Code Has Permission Deny Bypass Through Symbolic Links"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25724",
"datePublished": "2026-02-06T17:53:16.004Z",
"dateReserved": "2026-02-05T16:48:00.426Z",
"dateUpdated": "2026-03-27T21:11:36.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27485 (GCVE-0-2026-27485)
Vulnerability from cvelistv5 – Published: 2026-02-21 09:27 – Updated: 2026-02-24 18:15- CWE-61 - UNIX Symbolic Link (Symlink) Following
| URL | Tags |
|---|---|
| https://github.com/openclaw/openclaw/security/adv… | x_refsource_CONFIRM |
| https://github.com/openclaw/openclaw/pull/20796 | x_refsource_MISC |
| https://github.com/openclaw/openclaw/commit/c2759… | x_refsource_MISC |
| https://github.com/openclaw/openclaw/commit/ee1d6… | x_refsource_MISC |
| https://github.com/openclaw/openclaw/releases/tag… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27485",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-24T18:15:44.677080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T18:15:59.411Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openclaw",
"vendor": "openclaw",
"versions": [
{
"status": "affected",
"version": "\u003c 2026.2.19"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, skills/skill-creator/scripts/package_skill.py (a local helper script used when authors package skills) previously followed symlinks while building .skill archives. If an author runs this script on a crafted local skill directory containing symlinks to files outside the skill root, the resulting archive can include unintended file contents. If exploited, this vulnerability can lead to potential unintentional disclosure of local files from the packaging machine into a generated .skill artifact, but requires local execution of the packaging script on attacker-controlled skill contents. This issue has been fixed in version 2026.2.18."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-21T09:27:53.172Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/openclaw/openclaw/security/advisories/GHSA-r6h2-5gqq-v5v6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-r6h2-5gqq-v5v6"
},
{
"name": "https://github.com/openclaw/openclaw/pull/20796",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openclaw/openclaw/pull/20796"
},
{
"name": "https://github.com/openclaw/openclaw/commit/c275932aa4230fb7a8212fe1b9d2a18424874b3f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openclaw/openclaw/commit/c275932aa4230fb7a8212fe1b9d2a18424874b3f"
},
{
"name": "https://github.com/openclaw/openclaw/commit/ee1d6427b544ccadd73e02b1630ea5c29ba9a9f0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openclaw/openclaw/commit/ee1d6427b544ccadd73e02b1630ea5c29ba9a9f0"
},
{
"name": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.19",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.19"
}
],
"source": {
"advisory": "GHSA-r6h2-5gqq-v5v6",
"discovery": "UNKNOWN"
},
"title": "OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27485",
"datePublished": "2026-02-21T09:27:53.172Z",
"dateReserved": "2026-02-19T19:46:03.541Z",
"dateUpdated": "2026-02-24T18:15:59.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27489 (GCVE-0-2026-27489)
Vulnerability from cvelistv5 – Published: 2026-04-01 17:33 – Updated: 2026-06-30 12:08| URL | Tags |
|---|---|
| https://github.com/onnx/onnx/security/advisories/… | x_refsource_CONFIRM |
| https://github.com/onnx/onnx/commit/4755f8053928d… | x_refsource_MISC |
| https://access.redhat.com/security/cve/CVE-2026-27489 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453929 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:24977 | vendor-advisoryx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| onnx | onnx |
Affected:
< 1.21.0
|
|
| Red Hat | Red Hat OpenShift AI 2.25 |
cpe:/a:redhat:openshift_ai:2.25::el9 |
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27489",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T19:08:27.206936Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T19:09:18.474Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:openshift_ai:2.25::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 2.25",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-01T17:33:51.281Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Open Neural Network Exchange (ONNX), an open standard for machine learning interoperability. This path traversal vulnerability, exploitable via a symbolic link (symlink), allows an attacker to read arbitrary files located outside of the intended model or user-provided directories. This could lead to unauthorized information disclosure."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:08:07.586Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-27489"
},
{
"name": "RHBZ#2453929",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453929"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27489.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24977"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:24977: Red Hat OpenShift AI 2.25"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-01T18:01:42.208Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-01T17:33:51.281Z",
"value": "Made public."
}
],
"title": "onnx: ONNX: Information Disclosure via Path Traversal Vulnerability",
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "onnx",
"vendor": "onnx",
"versions": [
{
"status": "affected",
"version": "\u003c 1.21.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows to read arbitrary files outside model or user-provided directory. This issue has been patched in version 1.21.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T17:33:51.281Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/onnx/onnx/security/advisories/GHSA-3r9x-f23j-gc73",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/onnx/onnx/security/advisories/GHSA-3r9x-f23j-gc73"
},
{
"name": "https://github.com/onnx/onnx/commit/4755f8053928dce18a61db8fec71b69c74f786cb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/onnx/onnx/commit/4755f8053928dce18a61db8fec71b69c74f786cb"
}
],
"source": {
"advisory": "GHSA-3r9x-f23j-gc73",
"discovery": "UNKNOWN"
},
"title": "ONNX: Path Traversal via Symlink"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27489",
"datePublished": "2026-04-01T17:33:51.281Z",
"dateReserved": "2026-02-19T19:46:03.541Z",
"dateUpdated": "2026-06-30T12:08:07.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Implementation
Description:
- Symbolic link attacks often occur when a program creates a tmp directory that stores files/links. Access to the directory should be restricted to the program as to prevent attackers from manipulating the files.
Mitigation ID: MIT-48.1
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-27: Leveraging Race Conditions via Symbolic Links
This attack leverages the use of symbolic links (Symlinks) in order to write to sensitive files. An attacker can create a Symlink link to a target file not otherwise accessible to them. When the privileged program tries to create a temporary file with the same name as the Symlink link, it will actually write to the target file pointed to by the attackers' Symlink link. If the attacker can insert malicious content in the temporary file they will be writing to the sensitive file by using the Symlink. The race occurs because the system checks if the temporary file exists, then creates the file. The attacker would typically create the Symlink during the interval between the check and the creation of the temporary file.