top of page
perceptive_background_267k.jpg

A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because…

Published:

21 april 2026 om 22:00:00

Alert date:

22 april 2026 om 22:11:22

Source:

nvd.nist.gov

Click to open the original link from this advisory

Operating Systems, Supply Chain & Dependencies

A vulnerability in uutils coreutils mkfifo command allows unauthorized modification of file permissions on existing files. When mkfifo fails to create a FIFO due to an existing file at the target path, it incorrectly continues execution and calls set_permissions, changing the existing file's permissions to default mode (typically 644). This can expose sensitive files like SSH private keys to unauthorized users on the system by making them readable by others when they should have restricted permissions.

Technical details

Mitigation steps:

Affected products:

uutils coreutils

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-35341
https://github.com/uutils/coreutils/issues/10020

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page