CVE-2026-35352
Received Received - Intake
TOCTOU Race Condition in uutils mkfifo Enables Privilege Escalation

Publication date: 2026-04-22

Last updated on: 2026-05-04

Assigner: Canonical Ltd.

Description
A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mkfifo utility of uutils coreutils. The utility creates a FIFO and then performs a path-based chmod to set permissions. A local attacker with write access to the parent directory can swap the newly created FIFO for a symbolic link between these two operations. This redirects the chmod call to an arbitrary file, potentially enabling privilege escalation if the utility is run with elevated privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-22
Last Modified
2026-05-04
Generated
2026-06-16
AI Q&A
2026-04-22
EPSS Evaluated
2026-06-15
NVD
CVE-2026-35352
EUVD
EUVD-2026-24986
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
uutils coreutils *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-367 The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Time-of-Check to Time-of-Use (TOCTOU) race condition in the mkfifo utility of uutils coreutils. The utility first creates a FIFO (named pipe) and then changes its permissions using a path-based chmod operation. A local attacker who has write access to the parent directory can exploit the time gap between these two operations by replacing the newly created FIFO with a symbolic link pointing to an arbitrary file. As a result, the chmod command modifies the permissions of the targeted file instead of the FIFO, potentially allowing the attacker to escalate privileges if the utility is executed with elevated rights.

Impact Analysis

This vulnerability can allow a local attacker with write access to the parent directory to escalate their privileges on the affected system. By exploiting the race condition, the attacker can change permissions on arbitrary files, potentially gaining unauthorized access or control. This can lead to compromise of system integrity, confidentiality, and availability, especially if the mkfifo utility is run with elevated privileges.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-35352. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart