CVE-2026-35342— uutils coreutils mktemp Insecure Temporary File Placement via Empty TMPDIR
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-35342
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
uutils coreutils mktemp Insecure Temporary File Placement via Empty TMPDIR
Source: NVD (National Vulnerability Database)
Vulnerability Description
The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the current working directory (CWD) instead of the intended secure temporary directory. If the CWD is more permissive or accessible to other users than /tmp, it may lead to unintended information disclosure or unauthorized access to temporary data.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
不安全的临时文件
Source: NVD (National Vulnerability Database)
Vulnerability Title
uutils coreutils 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
uutils coreutils是Uutils开源的一个跨平台核心命令行工具集。 uutils coreutils存在安全漏洞,该漏洞源于mktemp实用程序未能正确处理空的TMPDIR环境变量,与GNU mktemp在TMPDIR为空字符串时回退到/tmp不同,uutils实现将空字符串视为有效路径,导致临时文件在当前工作目录中创建,如果CWD比/tmp更宽松或可被其他用户访问,可能导致意外信息泄露或未经授权访问临时数据。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-35342
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-35342
请登录查看更多情报信息。
Same Patch Batch · Uutils · 2026-04-22 · 44 CVEs total
| CVE-2026-35338 | 7.3 HIGH | uutils coreutils chmod Path Traversal Bypass of --preserve-root |
| CVE-2026-35368 | 7.2 HIGH | uutils coreutils chroot Local Privilege Escalation and chroot Escape in via Name Service S |
| CVE-2026-35341 | 7.1 HIGH | uutils coreutils mkfifo Unauthorized Permission Change on Existing Files |
| CVE-2026-35352 | 7.0 HIGH | uutils coreutils mkfifo Privilege Escalation via TOCTOU Race Condition |
| CVE-2026-35349 | 6.7 MEDIUM | uutils coreutils Path-Based Safety Bypass with --preserve-root |
| CVE-2026-35350 | 6.6 MEDIUM | uutils coreutils cp Unexpected Privileged Executable Creation with -p |
| CVE-2026-35365 | 6.6 MEDIUM | uutils coreutils mv Denial of Service and Data Duplication via Improper Symlink Expansion |
| CVE-2026-35360 | 6.3 MEDIUM | uutils coreutils touch Arbitrary File Truncation via TOCTOU Race Condition |
| CVE-2026-35356 | 6.3 MEDIUM | uutils coreutils install Arbitrary File Overwrite with -D via Path Component Symlink Race |
| CVE-2026-35374 | 6.3 MEDIUM | uutils coreutils split Arbitrary File Truncation via Time-of-Check to Time-of-Use (TOCTOU) |
| CVE-2026-35355 | 6.3 MEDIUM | uutils coreutils install Arbitrary File Overwrite via Symlink TOCTOU Race |
| CVE-2026-35364 | 6.3 MEDIUM | uutils coreutils mv Arbitrary File Overwrite via Cross-Device TOCTOU Race Condition |
| CVE-2026-35363 | 5.6 MEDIUM | uutils coreutils rm Safeguard Bypass via Improper Path Normalization |
| CVE-2026-35380 | 5.5 MEDIUM | uutils coreutils cut Local Logic Error and Data Integrity Issue in Delimiter Parsing |
| CVE-2026-35369 | 5.5 MEDIUM | uutils coreutils kill System-wide Process Termination and Denial of Service via Argument M |
| CVE-2026-35348 | 5.5 MEDIUM | uutils coreutils sort Local Denial of Service via Forced UTF-8 Parsing |
| CVE-2026-35339 | 5.5 MEDIUM | uutils coreutils chmod False Success Exit Code in Recursive Mode |
| CVE-2026-35340 | 5.5 MEDIUM | uutils coreutils chown and chgrp False Success Exit Code in Recursive Mode |
| CVE-2026-35345 | 5.3 MEDIUM | uutils coreutils tail Privileged Information Disclosure via Symlink Replacement Race |
| CVE-2026-35372 | 5.0 MEDIUM | uutils coreutils ln Security Bypass via Improper Handling of the --no-dereference Flag |
Showing top 20 of 44 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: coreutils
- CVE-2026-35381
uutils coreutils cut Local Logic Error and Data Integrity Is - CVE-2026-35380
uutils coreutils cut Local Logic Error and Data Integrity Is - CVE-2026-35379
uutils coreutils tr Local Logic Error and Data Integrity Iss - CVE-2026-35378
uutils coreutils expr Local Denial of Service via Eager Eval - CVE-2026-35377
uutils coreutils env Local Denial of Service via Improper Ha
Same vendor: Uutils
- CVE-2026-35381
uutils coreutils cut Local Logic Error and Data Integrity Is - CVE-2026-35380
uutils coreutils cut Local Logic Error and Data Integrity Is - CVE-2026-35379
uutils coreutils tr Local Logic Error and Data Integrity Iss - CVE-2026-35378
uutils coreutils expr Local Denial of Service via Eager Eval - CVE-2026-35377
uutils coreutils env Local Denial of Service via Improper Ha
V. Comments for CVE-2026-35342
No comments yet