CVE-2026-35356 uutils coreutils install Arbitrary File Overwrite with -D via Path Component Symlink Race

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and subsequently performs a second path resolution to create the target file, neither of which is anchored to a directory file...

CVE-2026-35355 uutils coreutils install Arbitrary File Overwrite via Symlink TOCTOU Race

The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition during file installation. The implementation unlinks an existing destination file and then recreates it using a path-based operation without the OEXCL flag. A local attacker can exploit t...

CVE-2026-35355

CVE-2026-35355 concerns the install utility in uutils coreutils . The vulnerability arises from a TOCTOU race during file installation: the code unlinks an existing destination file and then recreates it via a path-based operation without using the O_EXCL flag. This creates a window where a local...

CVE-2026-35355

The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition during file installation. The implementation unlinks an existing destination file and then recreates it using a path-based operation without the OEXCL flag. A local attacker can exploit t...