Monthly
ImageMagick's `-script` operation bypasses the configured security policy file path restrictions in versions before 7.1.2-26 (7.x branch) and before 6.9.13-51 (6.9.13-x branch), enabling a local attacker with low privileges to read files from paths explicitly denied by the security policy. The CVSS 4.0 score of 4.8 reflects the local-only attack surface, low-privilege requirement, and confidentiality-only impact with no code execution possible. No public exploit code has been identified and this vulnerability is not confirmed actively exploited (CISA KEV).
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects and recreates them on a local destination without validating the target, allowing an attacker-controlled remote to plant an escaping symlink and cause a following object write to land outside the destination with attacker-chosen contents. This issue is fixed in version 1.74.4.
Local tampering via symbolic-link following in Microsoft .NET (versions 8.0, 9.0, and 10.0) and the bundled toolchain in Visual Studio 2022 (17.12, 17.14) and Visual Studio 2026 (18.7) allows an authorized local attacker to redirect a privileged file operation to an unintended target, corrupting or replacing files outside their normal permissions. Microsoft (the reporter) has released a fix; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV. The high CVSS 3.1 base score of 7.0 is tempered by high attack complexity and the requirement for existing low-level local access.
Local privilege escalation in Microsoft PC Manager lets an already-authenticated low-privileged user abuse improper symbolic/hard link resolution (CWE-59) to gain higher privileges, likely SYSTEM given the CVSS scope change. Rated CVSS 8.8, the flaw carries high confidentiality, integrity, and availability impact. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available via MSRC.
Local privilege escalation in the Windows Projected File System (ProjFS) driver lets an authenticated low-privileged attacker abuse a symbolic-link/junction race (CWE-59 link following) to redirect a privileged file operation and gain SYSTEM-level rights across Windows 10 (1809-22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2019/2022/2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.
Local privilege escalation in Windows Server Backup (WBADMIN component shipped with Windows 10 21H2/22H2 and Windows 11 24H2/25H2/26H1) lets an authorized, low-privileged user abuse a symbolic-link/junction race so that a backup operation acts on an attacker-chosen path, yielding SYSTEM-level access. Microsoft has released a patch and reported the flaw itself; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Successful exploitation requires local access plus user interaction, which lowers the realistic threat relative to the 7.3 base score.
Local privilege escalation in Microsoft Windows Routing and Remote Access Service (RRAS) allows an already-authenticated low-privileged user to abuse a link-following (symlink/junction) flaw to gain higher privileges on the host. The bug affects a broad range of client and server SKUs from Windows Server 2012 through Windows Server 2025 and Windows 10 1607 through Windows 11 26H1, and Microsoft has shipped a fix. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
Local privilege escalation in Microsoft PC Manager allows an authenticated low-privileged user to gain elevated (typically SYSTEM/administrator) privileges by abusing improper link resolution before file access (CWE-59). Reported by Microsoft with a patch available via MSRC; no public exploit identified at time of analysis and not listed in CISA KEV. The CVSS 7.8 score reflects high confidentiality, integrity, and availability impact once the local, low-privilege prerequisites are met.
Local privilege escalation in Bitdefender Total Security and Internet Security for Windows (versions before 27.0.58.315) lets a less-privileged local user gain higher rights by abusing a symbolic-link race condition in the File Shredder module. Because the shredder operates with elevated privileges and does not safely resolve links before acting on files, an attacker who wins a time-of-check/time-of-use race can redirect a privileged file operation to a target of their choosing. No public exploit identified at time of analysis; the issue was reported by the vendor and requires local access plus user interaction, so EPSS-style mass-exploitation risk is limited.
ImageMagick's `-script` operation bypasses the configured security policy file path restrictions in versions before 7.1.2-26 (7.x branch) and before 6.9.13-51 (6.9.13-x branch), enabling a local attacker with low privileges to read files from paths explicitly denied by the security policy. The CVSS 4.0 score of 4.8 reflects the local-only attack surface, low-privilege requirement, and confidentiality-only impact with no code execution possible. No public exploit code has been identified and this vulnerability is not confirmed actively exploited (CISA KEV).
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects and recreates them on a local destination without validating the target, allowing an attacker-controlled remote to plant an escaping symlink and cause a following object write to land outside the destination with attacker-chosen contents. This issue is fixed in version 1.74.4.
Local tampering via symbolic-link following in Microsoft .NET (versions 8.0, 9.0, and 10.0) and the bundled toolchain in Visual Studio 2022 (17.12, 17.14) and Visual Studio 2026 (18.7) allows an authorized local attacker to redirect a privileged file operation to an unintended target, corrupting or replacing files outside their normal permissions. Microsoft (the reporter) has released a fix; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV. The high CVSS 3.1 base score of 7.0 is tempered by high attack complexity and the requirement for existing low-level local access.
Local privilege escalation in Microsoft PC Manager lets an already-authenticated low-privileged user abuse improper symbolic/hard link resolution (CWE-59) to gain higher privileges, likely SYSTEM given the CVSS scope change. Rated CVSS 8.8, the flaw carries high confidentiality, integrity, and availability impact. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available via MSRC.
Local privilege escalation in the Windows Projected File System (ProjFS) driver lets an authenticated low-privileged attacker abuse a symbolic-link/junction race (CWE-59 link following) to redirect a privileged file operation and gain SYSTEM-level rights across Windows 10 (1809-22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2019/2022/2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.
Local privilege escalation in Windows Server Backup (WBADMIN component shipped with Windows 10 21H2/22H2 and Windows 11 24H2/25H2/26H1) lets an authorized, low-privileged user abuse a symbolic-link/junction race so that a backup operation acts on an attacker-chosen path, yielding SYSTEM-level access. Microsoft has released a patch and reported the flaw itself; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Successful exploitation requires local access plus user interaction, which lowers the realistic threat relative to the 7.3 base score.
Local privilege escalation in Microsoft Windows Routing and Remote Access Service (RRAS) allows an already-authenticated low-privileged user to abuse a link-following (symlink/junction) flaw to gain higher privileges on the host. The bug affects a broad range of client and server SKUs from Windows Server 2012 through Windows Server 2025 and Windows 10 1607 through Windows 11 26H1, and Microsoft has shipped a fix. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
Local privilege escalation in Microsoft PC Manager allows an authenticated low-privileged user to gain elevated (typically SYSTEM/administrator) privileges by abusing improper link resolution before file access (CWE-59). Reported by Microsoft with a patch available via MSRC; no public exploit identified at time of analysis and not listed in CISA KEV. The CVSS 7.8 score reflects high confidentiality, integrity, and availability impact once the local, low-privilege prerequisites are met.
Local privilege escalation in Bitdefender Total Security and Internet Security for Windows (versions before 27.0.58.315) lets a less-privileged local user gain higher rights by abusing a symbolic-link race condition in the File Shredder module. Because the shredder operates with elevated privileges and does not safely resolve links before acting on files, an attacker who wins a time-of-check/time-of-use race can redirect a privileged file operation to a target of their choosing. No public exploit identified at time of analysis; the issue was reported by the vendor and requires local access plus user interaction, so EPSS-style mass-exploitation risk is limited.