Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Link Resolution Before File Access in filelock [CVE-2026-22701]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Link Resolution Before File Access in filelock, due to a TOCTOU race condition vulnerability that exists in the SoftFileLock implementation of the filelock package CVE-2026-22701. Filelock is used in our speech service...

Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability

Improper link resolution before file access 'link following' in Universal Plug and Play upnp.dll allows an authorized attacker to disclose information locally...

PT-2026-32856

CVE-2026-32212 Improper link resolution before file access 'link following' in Universal Plug and Play upnp.dll allows an authorized attacker to disclose information locally. https://t.co/8vH7ez64Tq...

CVE-2026-25187

Improper link resolution before file access 'link following' in Winlogon allows an authorized attacker to elevate privileges locally...

EUVD-2026-10659

Improper link resolution before file access 'link following' in Winlogon allows an authorized attacker to elevate privileges locally...

EUVD-2026-10660

Improper link resolution before file access 'link following' in Winlogon allows an authorized attacker to elevate privileges locally...

CVE-2026-25187

Improper link resolution before file access 'link following' in Winlogon allows an authorized attacker to elevate privileges locally...

PT-2026-24311

Name of the Vulnerable Software and Affected Versions Windows versions affected versions not specified Description A flaw exists in the Winlogon login program of Windows operating systems related to incorrect handling of symbolic links during file access. Exploitation of this issue could allow an...

Qnap QTS and QuTS Improper Link Resolution Before File Access (CVE-2025-66277)

A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3350 build...

Dell Optimizer 6.x < 6.3.1.0 Privilege Escalation (DSA-2026-094)

The version of Dell Optimizer installed on the remote host is 6.x prior to 6.3.1.0. It is, therefore, affected by a vulnerability: - An improper link resolution before file access vulnerability that could allow a low privileged attacker with local access to exploit this vulnerability, leading to...

EUVD-2026-9820

Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\ProgramData without validating whether the path resolves through a symbolic link or reparse point...

CVE-2026-27748

Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\ProgramData without validating whether the path resolves through a symbolic link or reparse point...

CVE-2026-27748

Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\ProgramData without validating whether the path resolves through a symbolic link or reparse point...

CVE-2026-27748 Avira Internet Security Arbitrary File Deletion via Improper Link Resolution

Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\ProgramData without validating whether the path resolves through a symbolic link or reparse point...

CVE-2026-27748

CVE-2026-27748 relates to Avira Internet Security’s Software Updater. The vulnerability stems from improper link resolution: a SYSTEM‑level updater process may delete a file under C:\ProgramData by following symbolic links or reparse points, allowing a local attacker to redirect the delete to an ...

CVE-2026-27748 Avira Internet Security Arbitrary File Deletion via Improper Link Resolution

Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\ProgramData without validating whether the path resolves through a symbolic link or reparse point...

CVE-2026-25906

CVE-2026-25906 affects Dell Optimizer, versions prior to 6.3.1. This is an Improper Link Resolution Before File Access (Link Following) vulnerability that could allow a low-privileged, locally authenticated attacker to achieve Elevation of Privileges. Exploitation details are not provided beyond ...

CVE-2026-25906

Dell Optimizer, versions prior to 6.3.1, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges...

Dell Optimizer 后置链接漏洞

Dell Optimizer is an intelligent optimization software developed by the American company Dell. Versions of Dell Optimizer prior to 6.3.1 had a post-linkage vulnerability, which stemmed from improper link resolution before file access. This vulnerability could allow local, low-privilege attackers ...

Fortinet FortiClient Improper Link Resolution Before File Access (FG-IR-25-661)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a improper link resolution before file access vulnerability as referenced in the FG-IR-25-661 advisory. - An Improper Link Resolution Before File Access 'Link Following' vulnerability...