Description
A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mkfifo utility of uutils coreutils. The utility creates a FIFO and then performs a path-based chmod to set permissions. A local attacker with write access to the parent directory can swap the newly created FIFO for a symbolic link between these two operations. This redirects the chmod call to an arbitrary file, potentially enabling privilege escalation if the utility is run with elevated privileges.
Published: 2026-04-22
Score: 7 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation via TOCTOU race condition
Action: Apply Patch
AI Analysis

Impact

The mkfifo utility in uutils coreutils contains a Time-of-Check to Time-of-Use race condition: it creates the FIFO and then sets its permissions with a path-based chmod. A local attacker with write access to the parent directory can replace the newly created FIFO with a symbolic link before that chmod runs, so the permission change is applied to an arbitrary file instead. When mkfifo is executed with elevated rights, this lets the attacker change the permissions of critical files, resulting in privilege escalation.
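The create-then-chmod-by-path sequence the analysis describes, next to a descriptor-based variant that does not re-resolve the path, as an added C example. This is not uutils code and does not show the project's actual fix; the functions `mkfifo_racy`, `set_mode_by_fd`, `mkfifo_safe` and `run_demo`, and the temporary-directory paths they use, are all constructed for this illustration. The reason for the second call exists at all is that `mkfifo()` masks its mode argument with the process umask, so a utility that promises an exact mode has to apply it afterwards; the question is only whether it does so by path or by descriptor.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern named in the advisory: create the FIFO, then chmod it by path.
 * mkfifo() applies the process umask to `mode`, which is why a second call
 * is needed for an exact mode; chmod() follows symlinks, so if the path is
 * swapped for a link between the two calls the mode lands on the target. */
int mkfifo_racy(const char *path, mode_t mode) {
    if (mkfifo(path, mode) != 0) return -1;
    return chmod(path, mode);                /* TOCTOU window: path re-resolved */
}

/* Apply `mode` through a descriptor instead of a path: open without
 * following symlinks (ELOOP if the node is now a link), verify the inode
 * is a FIFO, then fchmod() the descriptor. O_RDWR on a FIFO does not block
 * on Linux; O_NONBLOCK covers platforms where it would. */
int set_mode_by_fd(const char *path, mode_t mode) {
    int fd = open(path, O_RDWR | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st;
    int rc = -1;
    if (fstat(fd, &st) == 0 && S_ISFIFO(st.st_mode))
        rc = fchmod(fd, mode);
    else
        errno = EINVAL;                      /* node is not the FIFO we made */
    close(fd);
    return rc;
}

/* Hardened form: the path is never re-resolved for the permission change. */
int mkfifo_safe(const char *path, mode_t mode) {
    if (mkfifo(path, mode) != 0) return -1;
    return set_mode_by_fd(path, mode);
}

/* Self-check in a throwaway directory (constructed for this example).
 * Returns 0 when every expectation holds, otherwise a bitmask of failures. */
int run_demo(void) {
    char dir[] = "/tmp/mkfifo-demo-XXXXXX";
    if (mkdtemp(dir) == NULL) return 1;
    char fifo_a[256], fifo_b[256], victim[256], lnk[256];
    snprintf(fifo_a, sizeof fifo_a, "%s/fifo_a", dir);
    snprintf(fifo_b, sizeof fifo_b, "%s/fifo_b", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/lnk", dir);
    struct stat st;
    int rc = 0;

    /* Benign case: with nobody touching the directory, both variants yield
     * a FIFO with exactly the requested mode. */
    if (mkfifo_racy(fifo_a, 0640) != 0 || lstat(fifo_a, &st) != 0
        || !S_ISFIFO(st.st_mode) || (st.st_mode & 07777) != 0640) rc |= 2;
    if (mkfifo_safe(fifo_b, 0640) != 0 || lstat(fifo_b, &st) != 0
        || !S_ISFIFO(st.st_mode) || (st.st_mode & 07777) != 0640) rc |= 4;

    /* Swapped case: the path is a symlink to a regular file. The
     * descriptor-based step must refuse and leave the file's mode alone. */
    int vfd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (vfd < 0 || close(vfd) != 0 || chmod(victim, 0644) != 0) rc |= 8;
    if (symlink(victim, lnk) != 0) rc |= 8;
    if (set_mode_by_fd(lnk, 0666) == 0) rc |= 16;   /* must fail with ELOOP */
    if (stat(victim, &st) != 0 || (st.st_mode & 07777) != 0644) rc |= 32;

    unlink(lnk); unlink(victim); unlink(fifo_a); unlink(fifo_b); rmdir(dir);
    return rc;
}

int main(void) {
    int rc = run_demo();
    printf("demo %s (rc=%d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

The defensive property is that after `mkfifo()` returns, `mkfifo_safe` never hands the path back to the kernel for a write operation: `O_NOFOLLOW` rejects a link outright, `fstat()` confirms the inode type, and `fchmod()` binds the mode change to that inode. A CWE-367 check in review is simply to look for a path-based `chmod`, `chown` or `utimes` that follows a create call on the same path.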

Affected Systems

The affected product is uutils coreutils. No specific version numbers are listed, so all current releases prior to the fix are potentially impacted.

Risk and Exploitability

The vulnerability has a CVSS 3.1 base score of 7 (High). EPSS information is not available and the vulnerability is not in the CISA KEV catalog. The attack vector is local: an attacker needs write permission on the directory in which the FIFO is created, and the utility must be running with elevated privileges (for example under a set-uid wrapper or a root cron job) for the permission change to reach a protected file. Under those conditions host compromise is a real threat.

Generated by OpenCVE AI on April 22, 2026 at 18:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update uutils coreutils to the latest version that includes the race condition fix.
  • If an update is not immediately possible, limit write access to directories where mkfifo is used, ensuring that untrusted users cannot create or rename files there.
  • Run mkfifo only under non‑privileged accounts or use additional safeguards such as SELinux/AppArmor to enforce strict permission boundaries.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 19:15:00 +0000

Type: Metrics (ssvc)
Values Removed: (none)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 22 Apr 2026 16:30:00 +0000

Type: Description
Values Added: A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mkfifo utility of uutils coreutils. The utility creates a FIFO and then performs a path-based chmod to set permissions. A local attacker with write access to the parent directory can swap the newly created FIFO for a symbolic link between these two operations. This redirects the chmod call to an arbitrary file, potentially enabling privilege escalation if the utility is run with elevated privileges.

Type: Title
Values Added: uutils coreutils mkfifo Privilege Escalation via TOCTOU Race Condition

Type: Weaknesses
Values Added: CWE-367

Type: References

Type: Metrics (cvssV3_1)
Values Added: {'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: canonical

Published:

Updated: 2026-04-22T18:03:46.539Z

Reserved: 2026-04-02T12:58:56.087Z

Link: CVE-2026-35352

Vulnrichment

Updated: 2026-04-22T18:03:30.321Z

NVD

Status : Awaiting Analysis

Published: 2026-04-22T17:16:37.597

Modified: 2026-04-22T21:23:52.620

Link: CVE-2026-35352

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T18:15:15Z

Weaknesses