CVE-2026-35362: CWE-367: Time-of-Check Time-of-Use (TOCTOU) Race Condition in Uutils coreutils
The safe_traversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use (TOCTOU) symlink races using file-descriptor-relative syscalls, is incorrectly limited to Linux targets. On other Unix-like systems such as macOS and FreeBSD, the utility fails to utilize these protections, leaving directory traversal operations vulnerable to symlink race conditions.
AI Analysis
Technical Summary
The safe_traversal module in uutils coreutils is designed to prevent TOCTOU symlink race conditions by using file-descriptor-relative syscalls. However, this protection is limited to Linux targets. On other Unix-like operating systems like macOS and FreeBSD, the module does not implement these protections, resulting in a TOCTOU race condition vulnerability during directory traversal operations. This could allow an attacker to exploit symlink races to potentially influence file system operations. The CVSS 3.1 base score is 3.6, reflecting low severity with limited impact and requiring local access with high attack complexity.
Potential Impact
The vulnerability allows for a TOCTOU race condition in directory traversal on non-Linux Unix-like systems, potentially enabling an attacker with local access to exploit symlink races. The impact is limited to confidentiality and integrity with no availability impact, and the attack complexity is high. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or workaround is currently available, users on affected Unix-like systems should monitor vendor communications for updates. Avoid running untrusted code with elevated privileges and consider limiting local access to trusted users until a fix is released.
CVE-2026-35362: CWE-367: Time-of-Check Time-of-Use (TOCTOU) Race Condition in Uutils coreutils
Description
The safe_traversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use (TOCTOU) symlink races using file-descriptor-relative syscalls, is incorrectly limited to Linux targets. On other Unix-like systems such as macOS and FreeBSD, the utility fails to utilize these protections, leaving directory traversal operations vulnerable to symlink race conditions.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The safe_traversal module in uutils coreutils is designed to prevent TOCTOU symlink race conditions by using file-descriptor-relative syscalls. However, this protection is limited to Linux targets. On other Unix-like operating systems like macOS and FreeBSD, the module does not implement these protections, resulting in a TOCTOU race condition vulnerability during directory traversal operations. This could allow an attacker to exploit symlink races to potentially influence file system operations. The CVSS 3.1 base score is 3.6, reflecting low severity with limited impact and requiring local access with high attack complexity.
Potential Impact
The vulnerability allows for a TOCTOU race condition in directory traversal on non-Linux Unix-like systems, potentially enabling an attacker with local access to exploit symlink races. The impact is limited to confidentiality and integrity with no availability impact, and the attack complexity is high. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or workaround is currently available, users on affected Unix-like systems should monitor vendor communications for updates. Avoid running untrusted code with elevated privileges and consider limiting local access to trusted users until a fix is released.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- canonical
- Date Reserved
- 2026-04-02T12:58:56.088Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e8f7d319fe3cd2cdd00cfd
Added to database: 4/22/2026, 4:31:15 PM
Last enriched: 4/22/2026, 4:49:00 PM
Last updated: 4/23/2026, 2:42:11 AM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.