The software, when opening a file or directory, does not sufficiently
handle when the name is associated with a hard link to a target that is
outside of the intended control sphere. This could allow an attacker to
cause the software to operate on unauthorized files.