uutils coreutils CVE-2026-35342

| EUVD-2026-24971 LOW
Insecure Temporary File (CWE-377)
2026-04-22 canonical
Authentication Bypass Information Disclosure Coreutils
3.3
CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
Apr 23, 2026 - 00:18 vuln.today

DescriptionNVD

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the current working directory (CWD) instead of the intended secure temporary directory. If the CWD is more permissive or accessible to other users than /tmp, it may lead to unintended information disclosure or unauthorized access to temporary data.

AnalysisAI

mktemp utility in uutils coreutils mishandles empty TMPDIR environment variables by creating temporary files in the current working directory instead of falling back to /tmp, potentially exposing sensitive data if the CWD has overly permissive access controls. Affects uutils coreutils versions prior to 0.6.0 and requires local attacker with limited privileges to manipulate the environment or exploit overly accessible working directories; CVSS 3.3 reflects low severity (local access, limited confidentiality impact) despite information disclosure risk.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-35342 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy