CVE-2026-35357 in coreutilsالمعلومات

الملخص

بحسب MITRE • 22/04/2026

The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destination files are initially created with umask-derived permissions (e.g., 0644) before being restricted to their final mode (e.g., 0600) later in the process. A local attacker can race to open the file during this window; once obtained, the file descriptor remains valid and readable even after the permissions are tightened, exposing sensitive or private file contents.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

Canonical

حجز

02/04/2026

إفشاء

22/04/2026

الاعتدال

تمت الموافقة

إدخال

VDB-359035

CPE

جاهز

CWE

CWE-367 (مؤكد)

CVSS

4.7 (CNA)

EPSS

0.00012

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-35357
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-35357
CVE Details	https://www.cvedetails.com/cve/CVE-2026-35357/

التالي ▸نظرة عامة ◂ السابق

Do you want to use VulDB in your project?

Use the official API to access entries easily!