uutils coreutils CVE-2026-35354

EUVD-2026-24990 | Severity: MEDIUM
Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
Published 2026-04-22 | CNA: canonical | GHSA-x4mc-mqm7-gg39
CVSS 3.1 base score: 4.7

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None

Lifecycle Timeline

1. Analysis Generated: Apr 23, 2026 - 07:05 (vuln.today)

Description (NVD)

A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute (xattr) preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with write access to the directory can exploit this race to swap files between calls, causing the destination file to receive an inconsistent mix of security xattrs, such as SELinux labels or file capabilities.
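The description above comes down to one pattern: every xattr call takes a path, and every path-based call performs its own lookup, so the "check" and each "use" may land on different inodes. The added example below is not uutils code; it shows the defensive shape on Linux, written by the editor: open the source and destination once (O_NOFOLLOW), confirm the opened source matches the identity observed during the check phase (st_dev/st_ino), and then do every xattr operation through the file descriptors with flistxattr/fgetxattr/fsetxattr, so a later swap in the directory cannot redirect any call. The temporary files, the `user.demo` attribute, and the `demo_preserve` harness are constructed for the example; on a filesystem without xattr support the calls fail with ENOTSUP.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/xattr.h>
#include <unistd.h>

/* Copy every xattr visible on src_fd onto dst_fd using descriptor-based calls only.
 * Returns the number of attributes set, or -1 with errno (ENOTSUP when the
 * filesystem has no xattr support). Attributes this process may not read or set
 * (e.g. security.* without privilege) are skipped, best-effort, rather than fatal. */
static int copy_xattrs_fd(int src_fd, int dst_fd)
{
    ssize_t len = flistxattr(src_fd, NULL, 0);
    if (len < 0) return -1;
    if (len == 0) return 0;
    char *names = malloc((size_t)len);
    if (!names) return -1;
    len = flistxattr(src_fd, names, (size_t)len);
    if (len < 0) { free(names); return -1; }

    int copied = 0;
    for (ssize_t off = 0; off < len; off += (ssize_t)strlen(names + off) + 1) {
        const char *name = names + off;
        ssize_t vlen = fgetxattr(src_fd, name, NULL, 0);
        if (vlen < 0) {
            if (errno == EACCES || errno == EPERM || errno == ENODATA) continue;
            free(names); return -1;
        }
        char *val = malloc((size_t)vlen + 1);
        if (!val) { free(names); return -1; }
        vlen = fgetxattr(src_fd, name, val, (size_t)vlen);
        if (vlen < 0) { free(val); free(names); return -1; }
        if (fsetxattr(dst_fd, name, val, (size_t)vlen, 0) == 0) {
            copied++;
        } else if (errno != EPERM && errno != EACCES && errno != ENOTSUP) {
            free(val); free(names); return -1;
        }
        free(val);
    }
    free(names);
    return copied;
}

/* `checked` is the stat the caller took by path during its check phase. The source
 * is opened once and its fstat identity must match that check before any attribute
 * is touched; all further work is on the descriptors.
 * Returns the copied count, -1 on error (errno set), -2 if the identity changed. */
static int preserve_xattrs(const char *src, const char *dst, const struct stat *checked)
{
    int src_fd = open(src, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (src_fd < 0) return -1;
    struct stat now;
    if (fstat(src_fd, &now) < 0) { close(src_fd); return -1; }
    if (now.st_dev != checked->st_dev || now.st_ino != checked->st_ino) {
        close(src_fd);
        return -2;  /* file was replaced between check and open: refuse, do not mix */
    }
    int dst_fd = open(dst, O_WRONLY | O_NOFOLLOW | O_CLOEXEC);
    if (dst_fd < 0) { close(src_fd); return -1; }
    int rc = copy_xattrs_fd(src_fd, dst_fd);
    int saved = errno;
    close(dst_fd);
    close(src_fd);
    errno = saved;
    return rc;
}

/* Constructed harness: two temp files, one user.* attribute on the source.
 * mismatch != 0 simulates a check phase that observed a different inode, i.e. the
 * entry was swapped after the check. Returns preserve_xattrs' result, or -1 with
 * errno (ENOTSUP) if the temp filesystem rejects xattrs. */
int demo_preserve(int mismatch)
{
    char src[] = "/tmp/xattr_src_XXXXXX", dst[] = "/tmp/xattr_dst_XXXXXX";
    int sfd = mkstemp(src);
    if (sfd < 0) return -1;
    int dfd = mkstemp(dst);
    if (dfd < 0) { close(sfd); unlink(src); return -1; }
    int rc = -1;
    struct stat checked;
    if (fstat(sfd, &checked) == 0) {
        if (mismatch) checked.st_ino ^= 1;  /* pretend the check saw another inode */
        if (mismatch || fsetxattr(sfd, "user.demo", "v1", 2, 0) == 0)
            rc = preserve_xattrs(src, dst, &checked);
    }
    int saved = errno;
    close(sfd); close(dfd); unlink(src); unlink(dst);
    errno = saved;
    return rc;
}

int main(void)
{
    printf("consistent check/open: %d (1 = one attribute copied)\n", demo_preserve(0));
    printf("swapped after check:   %d (-2 = refused)\n", demo_preserve(1));
    return 0;
}
```

The point of the `st_dev`/`st_ino` comparison is that it binds the decision made during the check to the object actually opened; once the descriptor is held, the directory entry is no longer consulted, so the ordered list/get/set sequence can only ever see one inode on each side.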

Analysis (AI)

Time-of-check to time-of-use (TOCTOU) vulnerability in the uutils coreutils mv utility during cross-device file moves allows local attackers with directory write access to manipulate extended attributes (xattrs) on destination files by swapping files between sequential path-based system calls, potentially causing security labels such as SELinux attributes or file capabilities to be applied inconsistently. CVSS 4.7 (local, high complexity), with the vulnerability confirmed by Canonical; CISA SSVC assessment indicates non-automatable exploitation with partial technical impact.
