Back to CVE List

CVE-2026-35362

LOW SEVERITY

CVSS Score & Metrics

Base Score
3.6 / 10
Vector String
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Vulnerability Description

The safe_traversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use (TOCTOU) symlink races using file-descriptor-relative syscalls, is incorrectly limited to Linux targets. On other Unix-like systems such as macOS and FreeBSD, the utility fails to utilize these protections, leaving directory traversal operations vulnerable to symlink race conditions.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-367
Source
NVD
Vendor
Uutils
Product
coreutils

External References

Discussion (0)

Add Comment

No comments yet. Be the first!