CVE-2026-35364
Last modified
CVE-2026-35364 is a medium-severity vulnerability rated 6.3/10 on the CVSS scale. A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before recreating it through a copy operation. EPSS estimates a 0.09% chance of exploitation in the next 30 days.
Description
A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before recreating it through a copy operation. A local attacker with write access to the destination directory can exploit this window to replace the destination with a symbolic link. The subsequent privileged move operation will follow the symlink, allowing the attacker to redirect the write and overwrite an arbitrary target file with contents from the source.
Metrics
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Uutils | Coreutils | All versions |
References
- https://github.com/uutils/coreutils/issues/10015Exploit, Issue Tracking, Vendor Advisory
- https://github.com/uutils/coreutils/issues/10015Exploit, Issue Tracking, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-35364?
How severe is CVE-2026-35364?
How do I fix CVE-2026-35364?
Are you affected by CVE-2026-35364?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST