
CWE-59

Improper Link Resolution Before File Access ('Link Following')

Abstraction: Base · Likelihood of exploit: Medium

What it is

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Impact

  • Scope: Confidentiality, Integrity, Access Control — Impact: Read Files or Directories, Modify Files or Directories, Bypass Protection Mechanism
  • Scope: Other — Impact: Execute Unauthorized Code or Commands

Mitigations

  • [Architecture and Design] Follow the principle of least privilege when assigning access rights to entities in a software system. Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
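The weakness described above and the mitigation, made concrete as an added example that is not part of the CWE entry: a Python script that plants a symbolic link and a hard link in a scratch directory it owns, writes through them with a plain open() to show how a link redirects the write (the pattern behind the logfile and rescue-copy CVEs listed below), and then writes with O_NOFOLLOW plus an fstat check on the opened descriptor to show the hardened pattern refusing both. It assumes a POSIX system (Linux or macOS) where os.O_NOFOLLOW, os.symlink and os.link are available; all file names and contents are constructed for the demonstration.

```python
import errno
import os
import stat
import tempfile

# Assumption: POSIX platform (Linux/macOS). os.O_NOFOLLOW does not exist on Windows.


def unsafe_append(path: str, data: bytes) -> None:
    """Vulnerable pattern: open() resolves the link, so a link planted at
    'path' silently redirects the write to whatever the link points at."""
    with open(path, "ab") as f:
        f.write(data)


def safe_append(path: str, data: bytes) -> None:
    """Hardened pattern: refuse to traverse a symlink at the final path
    component, then verify the object actually opened on the descriptor
    itself, so there is no check-then-use window on the path name."""
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)
        # Reject anything that is not a regular file with exactly one name:
        # a hard link planted by another user shows up as st_nlink > 1,
        # which O_NOFOLLOW alone does not catch.
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            raise OSError(errno.EPERM, "refusing to write: not a private regular file", path)
        os.write(fd, data)
    finally:
        os.close(fd)


def demo() -> dict:
    """Plant a symlink and a hard link in a scratch directory (constructed
    input), run both writers against them, and report what reached the target."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "victim.txt")
        with open(target, "wb") as f:
            f.write(b"original\n")

        symlink = os.path.join(d, "app.log")
        os.symlink(target, symlink)  # constructed: the planted symbolic link
        hardlink = os.path.join(d, "app2.log")
        os.link(target, hardlink)  # constructed: the planted hard link

        # Naive writer: the append lands in victim.txt via the symlink.
        unsafe_append(symlink, b"clobbered\n")
        with open(target, "rb") as f:
            after_unsafe = f.read()

        # Hardened writer vs. symlink: open() itself fails (ELOOP on Linux/macOS,
        # EMLINK on some BSDs) because of O_NOFOLLOW.
        sym_errno = None
        try:
            safe_append(symlink, b"clobbered again\n")
        except OSError as e:
            sym_errno = e.errno

        # Hardened writer vs. hard link: open() succeeds, but fstat reports
        # st_nlink == 2, so the descriptor-level check rejects it.
        hard_errno = None
        try:
            safe_append(hardlink, b"via hard link\n")
        except OSError as e:
            hard_errno = e.errno

        with open(target, "rb") as f:
            final = f.read()

        return {
            "after_unsafe": after_unsafe,
            "symlink_refused": sym_errno in (errno.ELOOP, errno.EMLINK),
            "hardlink_refused": hard_errno == errno.EPERM,
            "target_unchanged_by_safe_writer": final == after_unsafe,
        }


if __name__ == "__main__":
    print(demo())
```

O_NOFOLLOW only governs the last path component: a symlinked directory earlier in the path is still resolved. That is why the mitigation pairs this kind of check with least privilege and compartmentalization: the directory being written to should not be writable by other principals, or the path should be walked component by component with os.open(..., dir_fd=...) and O_NOFOLLOW at each step.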

Real-world CVE examples

  • CVE-1999-1386 — Some versions of Perl follow symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack.
  • CVE-2000-1178 — Text editor follows symbolic links when creating a rescue copy during an abnormal exit, which allows local users to overwrite the files of other users.
  • CVE-2004-0217 — Antivirus update allows local users to create or append to arbitrary files via a symlink attack on a logfile.
  • CVE-2003-0517 — Symlink attack allows local users to overwrite files.
  • CVE-2004-0689 — Window manager does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary fi
  • CVE-2005-1879 — Second-order symlink vulnerabilities
  • CVE-2005-1880 — Second-order symlink vulnerabilities
  • CVE-2005-1916 — Symlink in Python program
  • CVE-2000-0972 — Setuid product allows file reading by replacing a file being edited with a symlink to the targeted file, leaking the result in error messages when parsing fails
  • CVE-2005-0824 — Signal causes a dump that follows symlinks.
  • CVE-2001-1494 — Hard link attack, file overwrite; interesting because program checks against soft links
  • CVE-2002-0793 — Hard link and possibly symbolic link following vulnerabilities in embedded operating system allow local users to overwrite arbitrary files.


Source: MITRE CWE. View on cwe.mitre.org →
