CVE-2026-35354
The CVE concerns the mv utility from uutils coreutils, where a TOCTOU race occurs during cross-device moves. The xattr preservation logic uses several path-based system calls that re-resolve inodes between operations, allowing a local attacker with directory write access to swap files during the ...