uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the chcon utility of uutils coreutils during recursive operations. The implementation resolves recursive targets using a fresh path lookup via ftsaccpath rather than binding the traversal and label application to the specific directory...

CVE-2026-35376

A TOCTOU vulnerability exists in the chcon utility of uutils coreutils during recursive operations. The code uses a fresh path lookup (fts_accpath) to resolve targets instead of binding traversal and label application to the directory state encountered during traversal, and the operations are not...