609 matches found
Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Packagekit_Project Packagekit
Pack2TheRoot Lab — CVE-2026-41651 A Dockerised, CTF-style loc...
openSUSE 16 Security Update : libcap (openSUSE-SU-2026:20613-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20613-1 advisory. - CVE-2026-4878: local privilege escalation through file capability injection due to TOCTOU race condition in capsetfile bsc1261809. Tenable has extract...
Exploit for CVE-2026-41651
Pack2TheRoot — CVE-2026-41651 TOCTOU race condition in Pack...
uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
A Time-of-Check to Time-of-Use TOCTOU race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before recreating it through a copy operation. A local attacker with write access to the destination directory can exploit thi...
uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition during file creation. When the utility identifies a missing path, it later attempts creation using File::create, which internally uses O_TRUNC. An attacker can exploit this window to create ...
CVE-2026-35364
The CVE-2026-35364 entry describes a TOCTOU race in the mv utility of the uutils coreutils project during cross-device operations. The vulnerability arises when mv removes the destination path and recreates it via a copy; a local attacker with write access to the destination directory can replace...
CVE-2026-35360 uutils coreutils touch Arbitrary File Truncation via TOCTOU Race Condition
The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition during file creation. When the utility identifies a missing path, it later attempts creation using File::create, which internally uses O_TRUNC. An attacker can exploit this window to create ...
CVE-2026-35360
The CVE-2026-35360 entry concerns the touch utility in uutils coreutils. A TOCTOU race occurs during file creation: when touch detects a missing path, it later calls File::create(), which uses O_TRUNC, allowing a local attacker to create a file or swap a symlink at the target path. This can cause...
CVE-2026-35352 uutils coreutils mkfifo Privilege Escalation via TOCTOU Race Condition
A Time-of-Check to Time-of-Use TOCTOU race condition exists in the mkfifo utility of uutils coreutils. The utility creates a FIFO and then performs a path-based chmod to set permissions. A local attacker with write access to the parent directory can swap the newly created FIFO for a symbolic link...
CVE-2026-41651
PackageKit is a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use TOCTOU race condition on transaction flags that...
[SECURITY] [DSA 6226-1] packagekit security update
Debian Security Advisory DSA-6226-1 https://www.debian.org/security/ Moritz Muehlenhoff April 22, 2026 https://www.debian.org/security/faq ...
Linux Distros Unpatched Vulnerability : CVE-2026-35352
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Time-of-Check to Time-of-Use TOCTOU race condition exists in the mkfifo utility of uutils coreutils. The utility creates a FIFO and then performs a path-based...
Debian dsa-6226 : gir1.2-packagekitglib-1.0 - security update
The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6226 advisory. - Debian Security Advisory DSA-6226-1 https://www.debian.org/security/...
Debian dla-4545 : gir1.2-packagekitglib-1.0 - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4545 advisory. - Debian LTS Advisory DLA-4545-1 https://www.debian.org/lts/security/...
Linux Distros Unpatched Vulnerability : CVE-2026-35355
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition during file installation. The implementation unlin...
Spring Security Core has a TOCTOU race condition when One-Time Token login with JdbcOneTimeTokenService is configured
Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use TOCTOU race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0....
CVE-2026-41296 OpenClaw < 2026.3.31 - Sandbox Escape via TOCTOU Race in Remote FS Bridge readFile
OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows sandbox escape. Attackers can exploit the separate path validation and file read operations to bypass sandbox restrictions and read arbitrary files...
CVE-2026-41296
CVE-2026-41296 affects OpenClaw prior to 2026.3.31. A time-of-check-time-of-use race in the remote filesystem bridge readFile function allows sandbox escape by exploiting separate path validation and file read operations to bypass sandbox restrictions and read arbitrary files. The vulnerability i...
SUSE-SU-2026:21257-1 Security update for libcap
This update for libcap fixes the following issue: - CVE-2026-4878: local privilege escalation through file capability injection due to TOCTOU race condition in capsetfile bsc1261809...
UBUNTU-CVE-2026-5958
When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original...