golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

CVE-2026-49738

The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html. Administrator...

CVE-2026-49738 TYPO3 CMS - Broken Access Control in File Abstraction Layer

The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html. Administrator...

PT-2026-47746

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions prior to 10.4.57 TYPO3 CMS versions 11.0.0 through 11.5.51 TYPO3 CMS versions 12.0.0 through 12.4.46 TYPO3 CMS versions 13.0.0 through 13.4.31 TYPO3 CMS versions 14.0.0 through 14.3.3 Description A path allowance check in th...

TYPO3 CMS 路径遍历漏洞

TYPO3 CMS is a content management system developed under the TYPO3 open source project. Versions of TYPO3 CMS prior to 10.4.57, as well as versions 11.0.0 to 11.5.51, 12.0.0 to 12.4.46, 13.0.0 to 13.4.31, and 14.0.0 to 14.3.3, have a path traversal vulnerability. This vulnerability stems from the...

CVE-2026-41589

Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server,...

CVE-2026-42275

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.2, the zrok WebDAV drive backend davServer.Dir restricts path traversal through lexical normalization but does not prevent symlink following. When a symbolic link inside the shared DriveRoot points to a...

CVE-2026-42795 Symlink Following in Hex Package Export Allows Embedding Files Outside Project Root

Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection helpers gleamfiles, nativefiles, privatefiles in compiler-cli/src/fs.rs use followlinkstrue when walking publishable directories...

EEF-CVE-2026-42795 Symlink Following in Hex Package Export Allows Embedding Files Outside Project Root

Summary Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection helpers gleamfiles, nativefiles, privatefiles in compiler-cli/src/fs.rs use followlinkstrue when walking publishable...

Apache MINA SSHD 安全漏洞

Apache MINA SSHD is a pure Java library from the Apache Foundation that supports the SSH protocol on both the client and server sides. Apache MINA SSHD has a security vulnerability caused by path traversal, which may allow authenticated users to access git repositories outside of the configured g...

AnythingLLM 后置链接漏洞

AnythingLLM is an integrated AI application developed by Mintplex. Versions of AnythingLLM prior to 1.13.0 contained a post-link vulnerability. This vulnerability stemmed from the file system replication tool only verifying the top-level source and target paths. The recursive replication assistan...

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via improper path resolution during extraction of OCI image layer tarballs. An attacker can write arbitrary files to locations outside the intended extraction root by crafting a layer with a symlink pointing to an absolut...

CVE-2026-44220

ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 to 0.8.1 , the discoverpipelinefiles function in src/ciguard/discovery.py walks a directory tree following symlinks, with cycle protection via tracking visited resolved paths. An attacker who can plant a symlink in a directory t...

CVE-2026-42549

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command calls mkdir..., recursive: true on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name...

CVE-2026-42549 Flight: Path traversal in `make:controller` CLI creates arbitrary directories outside project root

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command calls mkdir..., recursive: true on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name...

CVE-2026-44220

ciguard (static security auditor for CI/CD) has a symlink-following flaw in discover_pipeline_files() (src/ciguard/discovery.py) that can cause discovery to traverse into symlink targets outside the requested root. Documented in CVE-2026-44220 and GHSA advisories, the vulnerability affects versio...

CVE-2026-44220 ciguard: discover_pipeline_files follows symlinks out of scan root

ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 to 0.8.1 , the discoverpipelinefiles function in src/ciguard/discovery.py walks a directory tree following symlinks, with cycle protection via tracking visited resolved paths. An attacker who can plant a symlink in a directory t...

CVE-2026-44220

ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 to 0.8.1 , the discoverpipelinefiles function in src/ciguard/discovery.py walks a directory tree following symlinks, with cycle protection via tracking visited resolved paths. An attacker who can plant a symlink in a directory t...

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

CVE-2026-42275

The CVE-2026-42275 issue affects zrok’s WebDAV drive backend (davServer.Dir) where symbolic links inside the shared DriveRoot are not prevented from pointing outside the root. This allows remote WebDAV clients to read files and, on shares with lax OS permissions, overwrite files anywhere on the h...