Threats Tagged 'cwe-61'
View all threats tagged with 'cwe-61'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cwe-61'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-55447: CWE-61: UNIX Symbolic Link (Symlink) Following in langflow-ai langflowCVE-2026-55447 0 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RAG, an attacker can direct the node to read any file on the file-system by absolute path. All components based on BaseFileComponent are vulnerable to the vulnerability. This includes Docling (DoclingInlineComponent), Docling Serve, DoclingRemoteComponent), Read File (FileComponent), NVIDIA Retriever Extraction (NvidiaIngestComponent), Video File (VideoFileComponent), and Unstructured API (UnstructuredComponent). This vulnerability is fixed in 1.9.2. Join the discussion | CVE Database V5 | 06/23/2026, 16:21:42 UTC Added: 06/23/2026, 16:39:54 UTC |
CVE-2026-12958: CWE-61 UNIX symbolic link (symlink) following in Amazon Web Services Language Servers for AWSCVE-2026-12958 0 Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary. To remediate this issue, users should upgrade to version 1.69.0 or higher. Join the discussion | CVE Database V5 | 06/23/2026, 16:03:01 UTC Added: 06/23/2026, 16:39:51 UTC |
CVE-2026-56815: CWE-61 UNIX Symbolic Link (Symlink) Following in rasta-mouse pwnliftCVE-2026-56815 0 pwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in the upload handler in Components/Pages/Home.razor. Join the discussion | CVE Database V5 | 06/23/2026, 13:57:34 UTC Added: 06/23/2026, 14:39:19 UTC |
CVE-2026-49248: CWE-61: UNIX Symbolic Link (Symlink) Following in theonedev onedevCVE-2026-49248 0 OneDev is a Git server with CI/CD, kanban, and packages. In versions 15.0.6 and below, TarUtils.untar() creates symbolic links verbatim from TAR entry getLinkName() without validating whether the target is an absolute path. A subsequent file entry in the same archive traverses the symlink, writing to arbitrary server-side locations. This is exploitable by any authenticated user with CI Job write access — no admin interaction required. This is an incomplete fix bypass of CVE-2021-21251 (GHSA-2w6j-wc8c-9mq2): that patch blocked .. path segments but did not address absolute symlink targets. This issue has been fixed in version 15.0.7. Join the discussion | CVE Database V5 | 06/18/2026, 19:54:01 UTC Added: 06/18/2026, 20:36:33 UTC |
CVE-2026-54420: CWE-61 UNIX Symbolic Link (Symlink) Following in LiteSpeed Technologies cPanel PluginCVE-2026-54420 0 LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026. Join the discussion | CVE Database V5 | 06/14/2026, 03:23:12 UTC Added: 06/14/2026, 08:43:09 UTC |
Showing 1 to 5 of 5 results