What is CVE-2020-28407?

It's a symlink vulnerability in older swtpm versions letting locals overwrite files via temp file races.

Does swtpm CVE-2020-28407 affect modern VMs?

Yes, if you're on unpatched versions in containers or legacy setups—update to 0.5.1+ or 0.4.2+.

Upgrade swtpm, use secure tmp dirs like systemd's RuntimeDirectory, and audit /tmp perms.

🕳️ Vulnerabilities & CVEs

You're tweaking a VM, thinking TPM emulation's rock-solid. Wrong. CVE-2020-28407 turns tmp files into weapons.

theAIcatchup Apr 08, 2026 3 min read

CVE-2020-28407 enables arbitrary file overwrites via symlinks in old swtpm versions. 𝕏
Still relevant in 2024 due to stale container images and legacy VMs. 𝕏
Patch immediately; echoes ancient bugs like OpenSSH's 2002 symlink flaw. 𝕏

Published by

Threat intelligence. Zero noise.

#CVE-2020-28407 #TPM emulator #swtpm vulnerability #symlink attack

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by NVD Vulnerabilities