{"vulnerability": "CVE-2026-35341", "sightings": [{"uuid": "1914d78c-dbbb-47c7-bb7f-7c4dc807dfbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35341", "type": "seen", "source": "Telegram/y1XO5mBm2flLcrjS5YpFLtlumq47M984z8tJCHS_wnxFgvg", "content": "", "creation_timestamp": "2026-04-22T19:23:16.000000Z"}, {"uuid": "5baa737f-7566-43da-86d5-3cc09847c1b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35341", "type": "seen", "source": "https://gist.github.com/alon710/d7b15b70ec7c7ecc30109bf6cff7b4d3", "content": "# CVE-2026-35341: CVE-2026-35341: Local Privilege Escalation and Permission Degradation in uutils coreutils mkfifo\n\n&gt; **CVSS Score:** 7.1\n&gt; **Published:** 2026-07-06\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-35341\n\n## Summary\nCVE-2026-35341 is a high-severity vulnerability in the mkfifo utility of uutils coreutils, involving a logic-flow bypass and a TOCTOU race condition that permits unauthorized file permission degradation and privilege escalation.\n\n## TL;DR\nA logical flow-control bypass and a TOCTOU race condition in the uutils coreutils mkfifo utility allow unprivileged local attackers to degrade system file permissions and escalate privileges.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-732\n- **Attack Vector**: Local (AV:L)\n- **CVSS v3.1 Score**: 7.1\n- **EPSS Score**: 0.00165\n- **Exploit Status**: Proof of Concept (PoC) Available\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- uutils coreutils\n- Wolfi developer images\n- Chainguard developer images\n- Debian Linux (experimental uutils-coreutils package)\n- Ubuntu Linux (experimental uutils-coreutils package)\n- **coreutils**: &lt; commit pull/10376 (Fixed in: `PR #10376 merged version`)\n\n## Mitigation\n\n- Upgrade uutils coreutils to a release incorporating Pull Request #10376.\n- Enable system-wide symlink protections via sysctl configuration.\n- Avoid executing mkfifo with elevated privileges in globally writable directories.\n\n**Remediation Steps:**\n1. Identify all system deployments using uutils coreutils instead of GNU coreutils.\n2. Recompile or update uutils coreutils packages to versions beyond the commit in PR #10376.\n3. Add 'fs.protected_symlinks = 1' to /etc/sysctl.conf and run 'sysctl -p' to apply protections.\n4. Audit existing critical file permissions to identify unauthorized modifications.\n\n## References\n\n- [uutils coreutils Issue #10020: mkfifo TOCTOU and logic flow permissions bypass](https://github.com/uutils/coreutils/issues/10020)\n- [uutils coreutils Pull Request #10376: mkfifo fix permissions update on creation failure](https://github.com/uutils/coreutils/pull/10376)\n- [Official CVE-2026-35341 Record on CVE.org](https://www.cve.org/CVERecord?id=CVE-2026-35341)\n- [Wiz Vulnerability Database Overview for CVE-2026-35341](https://www.wiz.io/vulnerability-database/cve/cve-2026-35341)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-35341) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-06T23:41:59.726656Z"}, {"uuid": "d369c7ec-1a85-49ee-861b-02de56e790bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35341", "type": "seen", "source": "https://gist.github.com/alon710/d7b15b70ec7c7ecc30109bf6cff7b4d3", "content": "# CVE-2026-35341: CVE-2026-35341: Local Privilege Escalation and Permission Degradation in uutils coreutils mkfifo\n\n&gt; **CVSS Score:** 7.1\n&gt; **Published:** 2026-07-06\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-35341\n\n## Summary\nCVE-2026-35341 is a high-severity vulnerability in the mkfifo utility of uutils coreutils, involving a logic-flow bypass and a TOCTOU race condition that permits unauthorized file permission degradation and privilege escalation.\n\n## TL;DR\nA logical flow-control bypass and a TOCTOU race condition in the uutils coreutils mkfifo utility allow unprivileged local attackers to degrade system file permissions and escalate privileges.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-732\n- **Attack Vector**: Local (AV:L)\n- **CVSS v3.1 Score**: 7.1\n- **EPSS Score**: 0.00165\n- **Exploit Status**: Proof of Concept (PoC) Available\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- uutils coreutils\n- Wolfi developer images\n- Chainguard developer images\n- Debian Linux (experimental uutils-coreutils package)\n- Ubuntu Linux (experimental uutils-coreutils package)\n- **coreutils**: &lt; commit pull/10376 (Fixed in: `PR #10376 merged version`)\n\n## Mitigation\n\n- Upgrade uutils coreutils to a release incorporating Pull Request #10376.\n- Enable system-wide symlink protections via sysctl configuration.\n- Avoid executing mkfifo with elevated privileges in globally writable directories.\n\n**Remediation Steps:**\n1. Identify all system deployments using uutils coreutils instead of GNU coreutils.\n2. Recompile or update uutils coreutils packages to versions beyond the commit in PR #10376.\n3. Add 'fs.protected_symlinks = 1' to /etc/sysctl.conf and run 'sysctl -p' to apply protections.\n4. Audit existing critical file permissions to identify unauthorized modifications.\n\n## References\n\n- [uutils coreutils Issue #10020: mkfifo TOCTOU and logic flow permissions bypass](https://github.com/uutils/coreutils/issues/10020)\n- [uutils coreutils Pull Request #10376: mkfifo fix permissions update on creation failure](https://github.com/uutils/coreutils/pull/10376)\n- [Official CVE-2026-35341 Record on CVE.org](https://www.cve.org/CVERecord?id=CVE-2026-35341)\n- [Wiz Vulnerability Database Overview for CVE-2026-35341](https://www.wiz.io/vulnerability-database/cve/cve-2026-35341)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-35341) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-07T00:00:02.961286Z"}]}