CVE-2026-35357 in coreutils정보

요약

\~에 의해 MITRE • 2026. 04. 22.

The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destination files are initially created with umask-derived permissions (e.g., 0644) before being restricted to their final mode (e.g., 0600) later in the process. A local attacker can race to open the file during this window; once obtained, the file descriptor remains valid and readable even after the permissions are tightened, exposing sensitive or private file contents.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

책임이 있는

Canonical

예약하다

2026. 04. 02.

공개

2026. 04. 22.

모더레이션

수락

항목

VDB-359035

CPE

준비됨

CWE

CWE-367 (확인됨)

CVSS

4.7 (CNA)

EPSS

0.00012

KEV

아니요

활동

매우 낮음

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-35357
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-35357
CVE Details	https://www.cvedetails.com/cve/CVE-2026-35357/

◂ 이전 개요 다음 ▸

Might our Artificial Intelligence support you?

Check our Alexa App!