High severity7.1NVD Advisory· Published Apr 22, 2026· Updated Apr 24, 2026
CVE-2026-35341
CVE-2026-35341
Description
A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target path, it fails to terminate the operation for that path and continues to execute a follow-up set_permissions call. This results in the existing file's permissions being changed to the default mode (often 644 after umask), potentially exposing sensitive files such as SSH private keys to other users on the system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
coreutilscrates.io | <= 0.8.0 | — |
Affected products
4- osv-coords3 versions
< 0.9.0-r0+ 2 more
- (no CPE)range: < 0.9.0-r0
- (no CPE)range: < 0.9.0-r0
- (no CPE)range: <= 0.8.0
Patches
Vulnerability mechanics
References
3- github.com/uutils/coreutils/issues/10020nvdExploitIssue TrackingVendor AdvisoryWEB
- github.com/advisories/GHSA-w8m4-4v35-v6x3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-35341ghsaADVISORY
News mentions
0No linked articles in our index yet.