CWE-59 - Improper Link Resolution Before File Access ('Link Following')


The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. An attacker may be able to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. If the files are used for a security mechanism then an attacker may be able to bypass the mechanism. Windows simple shortcuts, sometimes referred to as soft links, can be exploited remotely since a ".LNK" file can be uploaded like a normal file. This can enable remote execution. This weakness is caused during implementation of an architectural security tactic.

Latest vulnerabilities for CWE-59


Description of CWE-59 on Mitre website