VariantIncomplete

CWE-62UNIX Hard Link

Category: other

Description

The product, when opening a file or directory, does not sufficiently account for when the name is associated with a hard link to a target that is outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files. Failure for a system to check for hard links can result in vulnerability to different types of attacks. For example, an attacker can escalate their privileges if a file used by a privileged program is replaced with a hard link to a sensitive file (e.g. /etc/passwd). When the process opens the file, the attacker can assume the privileges of that process.

Common consequences· 1

  • Confidentiality / Integrity — Read Files or Directories, Modify Files or Directories

Potential mitigations· 1

  • [Architecture and Design]

References

  1. https://cwe.mitre.org/data/definitions/62.html

(incoming)1

TypeTargetConfidenceTier
VulnerabilityCVE-2026-32232cve-2026-322320%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
UNIX Symbolic Link (Symlink) Following
CWE
Windows Hard Link
CWE
Windows Shortcut Following (.LNK)
CWE
Path Equivalence: 'fakedir/../realdir/filename'
CWE
Insecure Operation on Windows Junction / Mount Point
CWE
Improper Link Resolution Before File Access ('Link Following')
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.