Description
A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target path, it fails to terminate the operation for that path and continues to execute a follow-up set_permissions call. This results in the existing file's permissions being changed to the default mode (often 644 after umask), potentially exposing sensitive files such as SSH private keys to other users on the system.
Published: 2026-04-22
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Permission Modification
Action: Apply Patch
AI Analysis

Impact

The vulnerability in the uutils coreutils mkfifo command allows an attacker to change the permissions of an existing file after the creation of a FIFO fails. When a FIFO cannot be created because a file already exists at the target path, mkfifo does not abort the operation and proceeds to call set_permissions on that file. The permissions are then set to the default mode derived from the umask, often 0644. This behavior can expose sensitive files, such as SSH private keys, to other users. The weakness is a failure to enforce expected access controls (CWE-732).

Affected Systems

The affected product is uutils coreutils, specifically the mkfifo utility. No version information is enumerated in the data, so any installation of uutils coreutils that implements the flawed mkfifo logic may be vulnerable.

Risk and Exploitability

The CVSS score for this issue is 7.1, indicating a high severity. No EPSS score is available, and the vulnerability is not listed in CISA’s KEV catalog. An attacker would typically need local write access to a directory where a file already exists so that the mkfifo operation fails and the follow‑up permission change is applied. The inferred attack vector is local, and the impact can lead to unauthorized file access if sensitive files become world readable.

Generated by OpenCVE AI on April 22, 2026 at 18:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the uutils coreutils package to a version that includes the mkfifo fix.
  • If updating is not immediately possible, consider removing or restricting access to the buggy mkfifo binary to prevent its use.
  • Ensure that files containing sensitive information are stored in directories that enforce strict permissions and are not reachable by untrusted users.
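A way to confirm whether an installed mkfifo still shows the behaviour described above, for example after updating. This is an added example, not code from the CVE record or the uutils project; the helper name mkfifo_preserves_mode and the MKFIFO_BIN variable are assumptions. The scratch file starts at mode 0700 because mkfifo's default mode is 0666 masked by the umask and so can never carry execute bits, which makes any rewrite detectable whatever the umask is.

```shell
#!/bin/sh
# Added example (not project code): detect whether a mkfifo binary rewrites
# the mode of an existing file when FIFO creation fails on that path.
# Touches only a scratch file inside a private temporary directory.

# Print the 10-character mode string from ls, e.g. "-rwx------".
perm_string() {
    ls -ld -- "$1" | cut -c1-10
}

# mkfifo_preserves_mode CMD   (hypothetical helper name)
# Returns 0 if the existing file's mode is untouched, 1 if it changed,
# 2 if CMD is missing or the scratch file could not be set up.
mkfifo_preserves_mode() {
    cmd=$1
    command -v "$cmd" >/dev/null 2>&1 || return 2
    dir=$(mktemp -d) || return 2
    target="$dir/existing"
    if ! { touch "$target" && chmod 700 "$target"; }; then
        rm -rf -- "$dir"
        return 2
    fi
    before=$(perm_string "$target")
    # Expected to fail with "File exists"; the exit status is not the signal.
    "$cmd" "$target" >/dev/null 2>&1 || true
    after=$(perm_string "$target")
    rm -rf -- "$dir"
    [ "$before" = "$after" ]
}

# MKFIFO_BIN is an assumed variable name; defaults to mkfifo on PATH.
mkfifo_preserves_mode "${MKFIFO_BIN:-mkfifo}" && rc=0 || rc=$?
case $rc in
    0) echo "mode preserved: affected behaviour not observed" ;;
    1) echo "mode changed: this mkfifo shows the affected behaviour" ;;
    *) echo "check could not run (binary missing or scratch setup failed)" ;;
esac
```
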

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 19:15:00 +0000

Values Added:

  • Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 22 Apr 2026 16:30:00 +0000

Values Added:

  • Description: A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target path, it fails to terminate the operation for that path and continues to execute a follow-up set_permissions call. This results in the existing file's permissions being changed to the default mode (often 644 after umask), potentially exposing sensitive files such as SSH private keys to other users on the system.
  • Title: uutils coreutils mkfifo Unauthorized Permission Change on Existing Files
  • Weaknesses: CWE-732
  • References
  • Metrics (cvssV3_1): {'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: canonical

Published:

Updated: 2026-04-22T18:14:56.746Z

Reserved: 2026-04-02T12:58:56.087Z

Link: CVE-2026-35341

Vulnrichment

Updated: 2026-04-22T18:14:48.241Z

NVD

Status: Awaiting Analysis

Published: 2026-04-22T17:16:36.060

Modified: 2026-04-22T21:23:52.620

Link: CVE-2026-35341

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T18:30:23Z