CVE-2026-35341: Local Privilege Escalation and Permission Degradation in uutils coreutils mkfifo
Vulnerability ID: CVE-2026-35341
CVSS Score: 7.1
Published: 2026-07-06
CVE-2026-35341 is a high-severity vulnerability in the mkfifo utility of uutils coreutils, involving a logic-flow bypass and a TOCTOU race condition that permits unauthorized file permission degradation and privilege escalation.
TL;DR
A logical flow-control bypass and a TOCTOU race condition in the uutils coreutils mkfifo utility allow unprivileged local attackers to degrade system file permissions and escalate privileges.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-732
- Attack Vector: Local (AV:L)
- CVSS v3.1 Score: 7.1
- EPSS Score: 0.00165
- Exploit Status: Proof of Concept (PoC) Available
- CISA KEV Status: Not Listed
Affected Systems
- uutils coreutils
- Wolfi developer images
- Chainguard developer images
- Debian Linux (experimental uutils-coreutils package)
- Ubuntu Linux (experimental uutils-coreutils package)
-
coreutils: < commit pull/10376 (Fixed in:
PR #10376 merged version)
Mitigation Strategies
- Upgrade uutils coreutils to a release incorporating Pull Request #10376.
- Enable system-wide symlink protections via sysctl configuration.
- Avoid executing mkfifo with elevated privileges in globally writable directories.
Remediation Steps:
- Identify all system deployments using uutils coreutils instead of GNU coreutils.
- Recompile or update uutils coreutils packages to versions beyond the commit in PR #10376.
- Add 'fs.protected_symlinks = 1' to /etc/sysctl.conf and run 'sysctl -p' to apply protections.
- Audit existing critical file permissions to identify unauthorized modifications.
References
- uutils coreutils Issue #10020: mkfifo TOCTOU and logic flow permissions bypass
- uutils coreutils Pull Request #10376: mkfifo fix permissions update on creation failure
- Official CVE-2026-35341 Record on CVE.org
- Wiz Vulnerability Database Overview for CVE-2026-35341
Read the full report for CVE-2026-35341 on our website for more details including interactive diagrams and full exploit analysis.
Top comments (0)