CVE-2026-35342
Status: Received - Intake
Insecure Temporary File Creation in uutils mktemp Due to TMPDIR Handling

Publication date: 2026-04-22

Last updated on: 2026-05-04

Assigner: Canonical Ltd.

Description
The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the current working directory (CWD) instead of the intended secure temporary directory. If the CWD is more permissive or accessible to other users than /tmp, it may lead to unintended information disclosure or unauthorized access to temporary data.
Meta Information
Published: 2026-04-22
Last Modified: 2026-05-04
Generated: 2026-06-16
AI Q&A: 2026-04-22
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor: uutils
Product: coreutils
Version / Range: up to 0.6.0 (exclusive)
CWE
CWE-377: Creating and using insecure temporary files can leave application and system data vulnerable to attack.
Executive Summary

The vulnerability exists in the mktemp utility of uutils coreutils, which does not properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which defaults to /tmp when TMPDIR is empty, uutils mktemp treats the empty string as a valid path. This causes temporary files to be created in the current working directory instead of a secure temporary directory.

As a result, if the current working directory has more permissive access controls or is accessible by other users, temporary files may be exposed unintentionally.

Compliance Impact

This vulnerability causes temporary files to be created in the current working directory instead of a secure temporary directory like /tmp. If the current working directory has more permissive access controls, this may lead to unintended information disclosure or unauthorized access to temporary data.

Such unintended disclosure or unauthorized access to temporary data could potentially impact compliance with data protection regulations and standards such as GDPR or HIPAA, which require appropriate safeguards to protect sensitive information.

However, the CVE description does not explicitly mention compliance impacts or specific regulatory consequences.

Detection Guidance

Detection of this vulnerability involves checking whether the mktemp utility from uutils coreutils is handling an empty TMPDIR environment variable incorrectly. Specifically, you can test if setting TMPDIR to an empty string causes temporary files to be created in the current working directory instead of /tmp.

A simple command to test this behavior is to run mktemp with TMPDIR set to an empty string and observe where the temporary file is created.

  • TMPDIR= mktemp

If the output file is created in the current working directory rather than /tmp, the system is vulnerable.

Mitigation Strategies

To mitigate this vulnerability, avoid setting the TMPDIR environment variable to an empty string when using the uutils coreutils mktemp utility.

Alternatively, ensure that TMPDIR is either unset or set to a valid secure temporary directory such as /tmp.

Additionally, consider updating or patching the uutils coreutils package once a fix is available to ensure proper handling of TMPDIR.
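
The detection check and the TMPDIR mitigation described above, combined into one script. This is an added example, not code from the uutils project or the advisory; the function names probe_mktemp and safe_mktemp and the MKTEMP_BIN override are assumptions made for the example. The probe runs in a private scratch directory so the test file never lands in a shared working directory.

```shell
#!/bin/sh
# Added example: probe a mktemp binary for the empty-TMPDIR behaviour in
# CVE-2026-35342, then wrap it so an empty TMPDIR is treated as unset.
# probe_mktemp, safe_mktemp and MKTEMP_BIN are names made up for this example.

# probe_mktemp [BIN] -> prints "vulnerable", "ok" or "error"
probe_mktemp() {
    bin=${1:-mktemp}
    scratch=/tmp/mktemp-probe.$$
    # mkdir fails if the name exists, so a pre-created path is never reused.
    ( umask 077 && mkdir "$scratch" ) || { echo error; return 2; }
    # Command substitution is a subshell: the caller's CWD and TMPDIR stay untouched.
    if ! out=$(cd "$scratch" && TMPDIR= "$bin"); then
        rm -rf "$scratch"; echo error; return 2
    fi
    # Anything left in the scratch directory was created in the CWD.
    if [ -n "$(ls -A "$scratch")" ]; then
        verdict=vulnerable
    else
        verdict=ok
        # Fallback worked: remove the file the probe left in the temp dir.
        case $out in /*) rm -f -- "$out" ;; esac
    fi
    rm -rf "$scratch"
    echo "$verdict"
}

# safe_mktemp ARGS... -> runs mktemp with an empty or unset TMPDIR mapped to /tmp
safe_mktemp() {
    TMPDIR=${TMPDIR:-/tmp} "${MKTEMP_BIN:-mktemp}" "$@"
}

# Probe the mktemp found on PATH, or the binary given as the first argument.
probe_mktemp "${1:-mktemp}" || :
```

Pass an absolute path as the first argument to probe a specific build, since the probe changes directory before running the binary.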

Impact Analysis

This vulnerability can lead to unintended information disclosure or unauthorized access to temporary data. Since temporary files are created in the current working directory rather than a secure temporary directory, other users with access to that directory might be able to read sensitive temporary files.
