← Voltar para CVEs
CVE-2026-35362
LOW3.6
Descricao
The safe_traversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use (TOCTOU) symlink races using file-descriptor-relative syscalls, is incorrectly limited to Linux targets. On other Unix-like systems such as macOS and FreeBSD, the utility fails to utilize these protections, leaving directory traversal operations vulnerable to symlink race conditions.
Detalhes CVE
Pontuacao CVSS v3.13.6
SeveridadeLOW
Vetor CVSSCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Vetor de ataqueLOCAL
ComplexidadeHIGH
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado4/22/2026
Ultima modificacao4/22/2026
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-367
Referencias
https://github.com/uutils/coreutils/pull/9792(security@ubuntu.com)
https://github.com/uutils/coreutils/releases/tag/0.6.0(security@ubuntu.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.