uutils coreutils CVE-2026-35364

| EUVD-2026-25010 MEDIUM
Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
2026-04-22 canonical GHSA-m976-87wm-48fm
Information Disclosure
6.3
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Apr 23, 2026 - 07:03 vuln.today

DescriptionNVD

A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before recreating it through a copy operation. A local attacker with write access to the destination directory can exploit this window to replace the destination with a symbolic link. The subsequent privileged move operation will follow the symlink, allowing the attacker to redirect the write and overwrite an arbitrary target file with contents from the source.

AnalysisAI

A time-of-check to time-of-use (TOCTOU) race condition in the mv utility of uutils coreutils during cross-device move operations allows local attackers with write access to the destination directory to exploit a window between file deletion and recreation, injecting a symbolic link to redirect privileged write operations and overwrite arbitrary files. Exploitation requires moderate attack complexity and local access with limited privileges, but grants the ability to corrupt or modify files beyond the attacker's normal permissions. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-35364 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy