CWE · MITRE source
CWE-59Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Last updated: 20 May 2026 08:06 UTC
NIST 800-53 r5 controls that address this weakness (0)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | |||
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2022-30333 KEV | 9.1 | 7.5 | 0.9279 | 2022-05-09 |
CVE-2019-0841 KEV | 8.5 | 7.8 | 0.8265 | 2019-04-09 |
CVE-2022-21999 KEV | 7.9 | 7.8 | 0.7151 | 2022-02-09 |
CVE-2020-36193 KEV | 7.8 | 7.5 | 0.7115 | 2021-01-18 |
CVE-2023-36874 KEV | 7.7 | 7.8 | 0.6883 | 2023-07-11 |
CVE-2020-0787 KEV | 7.1 | 7.8 | 0.5928 | 2020-03-12 |
CVE-2024-57728 KEV UPD | 7.0 | 7.2 | 0.5882 | 2025-01-15 |
CVE-2024-32002 | 6.6 | 9.0 | 0.7959 | 2024-05-14 |
CVE-2024-28185 | 5.9 | 10.0 | 0.6502 | 2024-04-18 |
CVE-2023-40028 | 5.6 | 4.9 | 0.7761 | 2023-08-15 |
CVE-2024-28189 | 5.5 | 10.0 | 0.5758 | 2024-04-18 |
CVE-2019-1069 KEV | 5.4 | 7.8 | 0.3008 | 2019-06-12 |
CVE-2020-0683 KEV | 5.4 | 7.8 | 0.3106 | 2020-02-11 |
CVE-2025-60710 KEV | 5.4 | 7.8 | 0.2987 | 2025-11-11 |
CVE-2021-21300 | 5.3 | 8.0 | 0.6188 | 2021-03-09 |
CVE-2024-20656 | 5.3 | 7.8 | 0.6274 | 2024-01-09 |
CVE-2019-1253 KEV | 5.2 | 7.8 | 0.2773 | 2019-09-11 |
CVE-2015-1130 KEV UPD | 5.0 | 7.8 | 0.2342 | 2015-04-10 |
CVE-2016-6664 UPD | 4.7 | 7.0 | 0.5439 | 2016-12-13 |
CVE-2024-53691 | 4.6 | 8.8 | 0.4805 | 2024-12-06 |
CVE-2024-50404 | 4.4 | 8.8 | 0.4429 | 2024-12-06 |
CVE-2019-1064 KEV | 4.3 | 7.8 | 0.1182 | 2019-06-12 |
CVE-2019-1002101 | 4.2 | 6.4 | 0.4927 | 2019-04-01 |
CVE-2019-1315 KEV | 4.0 | 7.8 | 0.0760 | 2019-10-10 |
CVE-2017-2619 | 3.9 | 7.5 | 0.4067 | 2018-03-12 |