The software, when opening a file or directory, does not
sufficiently account for when the name is associated with a hard link to a
target that is outside of the intended control sphere. This could allow an
attacker to cause the software to operate on unauthorized
files.