CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-35362

The safe_traversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use (TOCTOU) symlink races using file-descriptor-relative syscalls, is incorrectly limited to Linux targets. On other Unix-like systems such as macOS and FreeBSD, the utility fails to utilize these protections, leaving directory traversal operations vulnerable to symlink race conditions.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 5.1%

CVSS Severity

CVSS v3 Score 3.6

References

https://github.com/uutils/coreutils/pull/9792
https://github.com/uutils/coreutils/releases/tag/0.6.0

Products affected by CVE-2026-35362

Uutils » Coreutils » Version: Any

cpe:2.3:a:uutils:coreutils:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-35362

Products

Pricing

Contact Us