CVE-2026-35357: CWE-367: Time-of-Check Time-of-Use (TOCTOU) Race Condition in Uutils coreutils
The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destination files are initially created with umask-derived permissions (e.g., 0644) before being restricted to their final mode (e.g., 0600) later in the process. A local attacker can race to open the file during this window; once obtained, the file descriptor remains valid and readable even after the permissions are tightened, exposing sensitive or private file contents.
AI Analysis
Technical Summary
CVE-2026-35357 describes a TOCTOU race condition vulnerability in the cp utility of uutils coreutils. When copying files, the destination file is first created with permissions derived from the system umask (e.g., 0644), then later adjusted to the intended restrictive permissions (e.g., 0600). During this interval, a local attacker can race to open the file descriptor, which remains valid and readable even after permissions are tightened. This allows unauthorized reading of sensitive or private file contents. The vulnerability requires local access and high attack complexity, with no user interaction needed. The vendor has not provided a patch or official remediation at this time.
Potential Impact
The vulnerability allows a local attacker to read sensitive file contents by exploiting a race condition in file permission setting during the copy operation. Confidentiality is impacted due to potential unauthorized disclosure of private data. Integrity and availability are not affected. The attack requires local privileges and is of medium severity (CVSS 4.7). There are no known exploits in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, avoid running the cp utility from uutils coreutils in untrusted local environments or restrict local user access to trusted users only. Monitor vendor channels for updates or official patches addressing this race condition.
CVE-2026-35357: CWE-367: Time-of-Check Time-of-Use (TOCTOU) Race Condition in Uutils coreutils
Description
The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destination files are initially created with umask-derived permissions (e.g., 0644) before being restricted to their final mode (e.g., 0600) later in the process. A local attacker can race to open the file during this window; once obtained, the file descriptor remains valid and readable even after the permissions are tightened, exposing sensitive or private file contents.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-35357 describes a TOCTOU race condition vulnerability in the cp utility of uutils coreutils. When copying files, the destination file is first created with permissions derived from the system umask (e.g., 0644), then later adjusted to the intended restrictive permissions (e.g., 0600). During this interval, a local attacker can race to open the file descriptor, which remains valid and readable even after permissions are tightened. This allows unauthorized reading of sensitive or private file contents. The vulnerability requires local access and high attack complexity, with no user interaction needed. The vendor has not provided a patch or official remediation at this time.
Potential Impact
The vulnerability allows a local attacker to read sensitive file contents by exploiting a race condition in file permission setting during the copy operation. Confidentiality is impacted due to potential unauthorized disclosure of private data. Integrity and availability are not affected. The attack requires local privileges and is of medium severity (CVSS 4.7). There are no known exploits in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, avoid running the cp utility from uutils coreutils in untrusted local environments or restrict local user access to trusted users only. Monitor vendor channels for updates or official patches addressing this race condition.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- canonical
- Date Reserved
- 2026-04-02T12:58:56.087Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e8f7d019fe3cd2cdd00c82
Added to database: 4/22/2026, 4:31:12 PM
Last enriched: 4/22/2026, 5:01:34 PM
Last updated: 4/23/2026, 12:20:01 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.