CVE-2026-35360: CWE-367: Time-of-Check Time-of-Use (TOCTOU) Race Condition in Uutils coreutils
The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file creation. When the utility identifies a missing path, it later attempts creation using File::create(), which internally uses O_TRUNC. An attacker can exploit this window to create a file or swap a symlink at the target path, causing touch to truncate an existing file and leading to permanent data loss.
AI Analysis
Technical Summary
The touch utility in uutils coreutils suffers from a TOCTOU race condition when creating files. After detecting a missing file path, touch calls File::create(), which opens the file with O_TRUNC, truncating it if it exists. Because of the race window between the check and the use, an attacker with local access and limited privileges can create or swap a symlink at the target path, causing unintended truncation of files. This vulnerability is tracked as CVE-2026-35360 with a CVSS 3.1 score of 6.3 (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H). No known exploits are reported in the wild, and no patch or official remediation level has been published.
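The check-then-create pattern described above, next to a single open that creates without truncating, as an added Rust example. This is not code from uutils coreutils or from any fix for it; the function names and the `between` hook, which stands in for the race window so the outcome is deterministic, are assumptions made for illustration.

```rust
use std::fs::{self, File, OpenOptions};
use std::io;
use std::path::Path;

// Pattern from the advisory: an existence check, then File::create(),
// which opens with O_TRUNC. `between` is a hypothetical hook for the window.
fn touch_check_then_create(path: &Path, between: impl FnOnce()) -> io::Result<()> {
    if !path.exists() {
        between(); // the path may come into existence here
        File::create(path)?; // O_WRONLY | O_CREAT | O_TRUNC
    }
    Ok(())
}

// Hardened form: one open that creates the file if it is missing and never
// truncates, so the result does not depend on an earlier check.
fn touch_no_truncate(path: &Path, between: impl FnOnce()) -> io::Result<()> {
    between(); // same hook, only so both variants see the same scenario
    OpenOptions::new().write(true).create(true).truncate(false).open(path)?;
    Ok(())
}

// Runs one variant in a scratch directory where a file with constructed
// content appears during the window; returns the bytes left afterwards.
fn surviving_bytes(hardened: bool) -> io::Result<usize> {
    let dir = std::env::temp_dir().join(format!("toctou-demo-{}-{}", std::process::id(), hardened));
    fs::create_dir_all(&dir)?;
    let target = dir.join("data.txt");
    let _ = fs::remove_file(&target);
    let appear = || fs::write(&target, b"important").unwrap();
    if hardened {
        touch_no_truncate(&target, appear)?;
    } else {
        touch_check_then_create(&target, appear)?;
    }
    let len = fs::read(&target)?.len();
    fs::remove_dir_all(&dir)?;
    Ok(len)
}

fn main() -> io::Result<()> {
    println!("check-then-create leaves {} bytes", surviving_bytes(false)?);
    println!("no-truncate open leaves {} bytes", surviving_bytes(true)?);
    Ok(())
}
```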
Potential Impact
Exploitation of this vulnerability can lead to permanent data loss by truncating existing files due to the race condition in file creation. The integrity and availability of files can be compromised. Confidentiality is not affected. The attack requires local access with low privileges and high attack complexity due to the timing requirements.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, avoid running the vulnerable touch utility in untrusted or multi-user environments where an attacker could exploit the race condition. Monitor vendor channels for updates or official patches.
Technical Details
- Data Version: 5.2
- Assigner Short Name: canonical
- Date Reserved: 2026-04-02T12:58:56.088Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69e8f7d319fe3cd2cdd00cf6
Added to database: 4/22/2026, 4:31:15 PM
Last enriched: 4/22/2026, 5:01:13 PM
Last updated: 4/23/2026, 12:59:48 AM