CVE-2026-35341— uutils coreutils mkfifo Unauthorized Permission Change on Existing Files
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-35341
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
uutils coreutils mkfifo Unauthorized Permission Change on Existing Files
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target path, it fails to terminate the operation for that path and continues to execute a follow-up set_permissions call. This results in the existing file's permissions being changed to the default mode (often 644 after umask), potentially exposing sensitive files such as SSH private keys to other users on the system.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
关键资源的不正确权限授予
Source: NVD (National Vulnerability Database)
Vulnerability Title
uutils coreutils 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
uutils coreutils是Uutils开源的一个跨平台核心命令行工具集。 uutils coreutils存在安全漏洞,该漏洞源于mkfifo允许未经授权修改现有文件的权限,当mkfifo因目标路径已存在文件而无法创建FIFO时,未能终止该路径的操作并继续执行后续set_permissions调用,导致现有文件的权限更改为默认模式,可能将敏感文件暴露给系统上的其他用户。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-35341
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-35341
请登录查看更多情报信息。
Same Patch Batch · Uutils · 2026-04-22 · 44 CVEs total
| CVE-2026-35338 | 7.3 HIGH | uutils coreutils chmod Path Traversal Bypass of --preserve-root |
| CVE-2026-35368 | 7.2 HIGH | uutils coreutils chroot Local Privilege Escalation and chroot Escape in via Name Service S |
| CVE-2026-35352 | 7.0 HIGH | uutils coreutils mkfifo Privilege Escalation via TOCTOU Race Condition |
| CVE-2026-35349 | 6.7 MEDIUM | uutils coreutils Path-Based Safety Bypass with --preserve-root |
| CVE-2026-35350 | 6.6 MEDIUM | uutils coreutils cp Unexpected Privileged Executable Creation with -p |
| CVE-2026-35365 | 6.6 MEDIUM | uutils coreutils mv Denial of Service and Data Duplication via Improper Symlink Expansion |
| CVE-2026-35374 | 6.3 MEDIUM | uutils coreutils split Arbitrary File Truncation via Time-of-Check to Time-of-Use (TOCTOU) |
| CVE-2026-35355 | 6.3 MEDIUM | uutils coreutils install Arbitrary File Overwrite via Symlink TOCTOU Race |
| CVE-2026-35364 | 6.3 MEDIUM | uutils coreutils mv Arbitrary File Overwrite via Cross-Device TOCTOU Race Condition |
| CVE-2026-35356 | 6.3 MEDIUM | uutils coreutils install Arbitrary File Overwrite with -D via Path Component Symlink Race |
| CVE-2026-35360 | 6.3 MEDIUM | uutils coreutils touch Arbitrary File Truncation via TOCTOU Race Condition |
| CVE-2026-35363 | 5.6 MEDIUM | uutils coreutils rm Safeguard Bypass via Improper Path Normalization |
| CVE-2026-35348 | 5.5 MEDIUM | uutils coreutils sort Local Denial of Service via Forced UTF-8 Parsing |
| CVE-2026-35369 | 5.5 MEDIUM | uutils coreutils kill System-wide Process Termination and Denial of Service via Argument M |
| CVE-2026-35380 | 5.5 MEDIUM | uutils coreutils cut Local Logic Error and Data Integrity Issue in Delimiter Parsing |
| CVE-2026-35339 | 5.5 MEDIUM | uutils coreutils chmod False Success Exit Code in Recursive Mode |
| CVE-2026-35340 | 5.5 MEDIUM | uutils coreutils chown and chgrp False Success Exit Code in Recursive Mode |
| CVE-2026-35345 | 5.3 MEDIUM | uutils coreutils tail Privileged Information Disclosure via Symlink Replacement Race |
| CVE-2026-35372 | 5.0 MEDIUM | uutils coreutils ln Security Bypass via Improper Handling of the --no-dereference Flag |
| CVE-2026-35357 | 4.7 MEDIUM | uutils coreutils cp Information Disclosure via Permission Handling Race |
Showing top 20 of 44 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: coreutils
- CVE-2026-35381
uutils coreutils cut Local Logic Error and Data Integrity Is - CVE-2026-35380
uutils coreutils cut Local Logic Error and Data Integrity Is - CVE-2026-35379
uutils coreutils tr Local Logic Error and Data Integrity Iss - CVE-2026-35378
uutils coreutils expr Local Denial of Service via Eager Eval - CVE-2026-35377
uutils coreutils env Local Denial of Service via Improper Ha
Same vendor: Uutils
- CVE-2026-35381
uutils coreutils cut Local Logic Error and Data Integrity Is - CVE-2026-35380
uutils coreutils cut Local Logic Error and Data Integrity Is - CVE-2026-35379
uutils coreutils tr Local Logic Error and Data Integrity Iss - CVE-2026-35378
uutils coreutils expr Local Denial of Service via Eager Eval - CVE-2026-35377
uutils coreutils env Local Denial of Service via Improper Ha
Same weakness: CWE-732
- CVE-2026-41288
WatchGuard Agent on Windows Privilege Escalation Vulnerabili - CVE-2026-41686
Claude SDK for TypeScript has Insecure Default File Permissi - CVE-2026-6499
ILM Informatique OpenConcerto 安全漏洞 - CVE-2026-41366
OpenClaw < 2026.3.31 - Arbitrary Host File Read via appendLo - CVE-2026-35367
uutils coreutils nohup Information Disclosure via Insecure D
V. Comments for CVE-2026-35341
No comments yet