{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35341", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "state": "PUBLISHED", "assignerShortName": "canonical", "dateReserved": "2026-04-02T12:58:56.087Z", "datePublished": "2026-04-22T16:07:39.221Z", "dateUpdated": "2026-04-24T13:43:36.473Z"}, "containers": {"cna": {"title": "uutils coreutils mkfifo Unauthorized Permission Change on Existing Files", "affected": [{"vendor": "Uutils", "product": "coreutils", "platforms": ["Linux", "Unix", "macOS"], "collectionURL": "https://github.com/uutils", "packageName": "coreutils", "repo": "https://github.com/uutils/coreutils", "defaultStatus": "affected"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target path, it fails to terminate the operation for that path and continues to execute a follow-up set_permissions call. This results in the existing file's permissions being changed to the default mode (often 644 after umask), potentially exposing sensitive files such as SSH private keys to other users on the system."}], "references": [{"url": "https://github.com/uutils/coreutils/issues/10020", "tags": ["issue-tracking"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseSeverity": "HIGH", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}}], "credits": [{"lang": "en", "value": "Zellic", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2026-04-22T16:07:39.221Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-24T03:55:23.826443Z", "id": "CVE-2026-35341", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-24T13:43:36.473Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35341", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-24T03:55:23.826443Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T18:14:48.241Z"}}], "cna": {"title": "uutils coreutils mkfifo Unauthorized Permission Change on Existing Files", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Zellic"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/uutils/coreutils", "vendor": "Uutils", "product": "coreutils", "platforms": ["Linux", "Unix", "macOS"], "packageName": "coreutils", "collectionURL": "https://github.com/uutils", "defaultStatus": "affected"}], "references": [{"url": "https://github.com/uutils/coreutils/issues/10020", "tags": ["issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target path, it fails to terminate the operation for that path and continues to execute a follow-up set_permissions call. This results in the existing file's permissions being changed to the default mode (often 644 after umask), potentially exposing sensitive files such as SSH private keys to other users on the system."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2026-04-22T16:07:39.221Z"}}}, "cveMetadata": {"cveId": "CVE-2026-35341", "state": "PUBLISHED", "dateUpdated": "2026-04-24T13:43:36.473Z", "dateReserved": "2026-04-02T12:58:56.087Z", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "datePublished": "2026-04-22T16:07:39.221Z", "assignerShortName": "canonical"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:uutils:coreutils:-:*:*:*:*:rust:*:*", "matchCriteriaId": "4A9AF9E4-E17C-48AD-8051-B49998618839", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target path, it fails to terminate the operation for that path and continues to execute a follow-up set_permissions call. This results in the existing file's permissions being changed to the default mode (often 644 after umask), potentially exposing sensitive files such as SSH private keys to other users on the system."}], "id": "CVE-2026-35341", "lastModified": "2026-04-24T19:05:55.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "security@ubuntu.com", "type": "Secondary"}]}, "published": "2026-04-22T17:16:36.060", "references": [{"source": "security@ubuntu.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/uutils/coreutils/issues/10020"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "security@ubuntu.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T18:17:27.650209+00:00", "value": {"mitigation_remediation": ["Update the uutils coreutils package to a version that includes the mkfifo fix.", "If updating is not immediately possible, consider removing or restricting access to the buggy mkfifo binary to prevent its use.", "Ensure that files containing sensitive information are stored in directories that enforce strict permissions and are not reachable by untrusted users."], "summary": {"action": "Apply Patch", "impact": "Unauthorized Permission Modification"}, "threat_synthesis": {"affected_systems": "The affected product is uutils coreutils, specifically the mkfifo utility. No version information is enumerated in the data, so any installation of uutils coreutils that implements the flawed mkfifo logic may be vulnerable.", "description_and_impact": "The vulnerability in the uutils coreutils mkfifo command allows an attacker to change the permissions of an existing file after the creation of a FIFO fails. When a FIFO cannot be created because a file already exists at the target path, mkfifo does not abort the operation and proceeds to call set_permissions on that file. The permissions are then set to the default mode derived from the umask, often 0644. This behavior can expose sensitive files, such as SSH private keys, to other users. The weakness is a failure to enforce expected access controls (CWE-732).", "risk_and_exploitability": "The CVSS score for this issue is 7.1, indicating a high severity. No EPSS score is available, and the vulnerability is not listed in CISA\u2019s KEV catalog. An attacker would typically need local write access to a directory where a file already exists so that the mkfifo operation fails and the follow\u2011up permission change is applied. The inferred attack vector is local, and the impact can lead to unauthorized file access if sensitive files become world readable."}}}}, "created": "2026-04-22T18:30:23.751691+00:00", "updated": "2026-04-22T18:30:23.751707+00:00", "vendors": []}