8585 matches found
EUVD-2026-43554
FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the downloadandcopy function within hopper/setup.py that extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can pre-plant a symlink in the...
EUVD-2026-42685
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...
CVE-2026-58198
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...
CVE-2026-58198
ChatterBot (Python) vulnerability CVE-2026-58198: UbuntuCorpusTrainer.extract() uses a predictable home path (~/.ubuntu_data/ubuntu_dialogs) with a check-then-create pattern, then tar.extractall(path=self.data_path). An attacker who pre-places a symlink at that path can cause archived contents to...
CVE-2026-58203
A flaw was found in the pydantic-settings component. When configured to handle nested secrets, this vulnerability allows an attacker to read sensitive files from outside the designated secrets directory. By placing a specially crafted symbolic link within the secrets directory, an attacker can...
Security Bulletin: Consul-template is vulnerable to path redirection in writeToFile through symlink attack
Summary The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability CVE-2026-14361 is fixed in...
CVE-2026-14361 Consul-template is vulnerable to path redirection in writeToFile through symlink attack
The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability CVE-2026-14361 is fixed in consul-templat...
CVE-2026-58203
pydantic-settings provides settings management using Pydantic. From 2.12.0 until 2.14.2, NestedSecretsSettingsSource reads secret values from files in a configured secretsdir. When secretsnestedsubdir=True, a directory entry inside secretsdir that is a symbolic link pointing outside secretsdir is...
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack in the template repository generation process. An attacker can access or modify files outside the intended directory by leveraging symlinked or non-regular paths. Remediation Upgrade...
Symlink Attack
Overview github.com/go-gitea/gitea/modules/util is a Git with a cup of tea, painless self-hosted git service. Affected versions of this package are vulnerable to Symlink Attack in the template repository generation process. An attacker can access or modify files outside the intended directory by...
Anthropic Claude Code 2.1.59 < 2.1.128 Information Disclosure (CVE-2026-46406)
The version of Anthropic Claude Code installed on the remote host is 2.1.59 prior to 2.1.128. It is, therefore, affected by an information disclosure vulnerability: - The Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation,...
PYSEC-2026-645 instack-undercloud vulnerable to symlink attack on tmp files
A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploi...
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack through improper validation of hardlink targets during tar extraction. An attacker can access or modify files outside the intended extraction directory by crafting a malicious tarball with a hardlink entry whose target is...
Security Bulletin: Nomad vulnerable to arbitrary file read/write on client host through symlink attack
Summary HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11. Vulnerability Details CVEID:CVE-2026-695...
CVE-2026-41001
A flaw was found in Spring Boot. The ArtemisEmbeddedConfigurationFactory component uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can exploit this by pre-creating this predictable directory ...
CVE-2026-46406
A flaw was found in Claude Code. The /copy command created responses in a predictable, world-readable temporary file without proper isolation or symlink protection. This allowed a local unprivileged user to read sensitive information from a privileged user's Claude response, potentially containin...
SUSE-SU-2026:2712-1 Security update for xdg-desktop-portal
This update for xdg-desktop-portal fixes the following issue: - CVE-2026-40354: File deletion via symlink attack bsc1262045...
CVE-2026-56876
A flaw was found in extract-zip. This vulnerability allows a remote attacker to craft a malicious zip file containing symbolic links that point to locations outside the intended extraction directory. When a user extracts this malicious archive, extract-zip fails to validate the symlink targets,...
Linux Distros Unpatched Vulnerability : CVE-2026-54370
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by...
Symlink Attack
Overview libattr is a None Affected versions of this package are vulnerable to Symlink Attack. via the getfattr or setfattr process. An attacker can gain elevated privileges by substituting a symbolic link for a pathname component during directory traversal, causing operations to be redirected to...