PT-2026-33758
Marcin Wyczechowski
Published 2026-04-19 · Updated 2026-05-29
CVE-2026-5958
CVSS v4.0: 2.1 (Low)
| Vector | AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
GNU sed versions prior to 4.10
Description
A race condition exists when the software is invoked with both -i (in-place edit) and --follow-symlinks. The function open_next_file() performs two separate, non-atomic filesystem operations on the same path: it first resolves the symlink to its target to determine where the output will be written, and then opens the original symlink path to read the input. An attacker who atomically replaces the symlink with a different target between these two calls causes the software to read content from the new target while writing the processed result to the path recorded in the first step. This can lead to an arbitrary file overwrite with attacker-controlled content, with the privileges of the sed process.
Recommendations
Update to version 4.10.
Fix
Time Of Check To Time Of Use
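The resolve-then-reopen shape described above, placed beside the usual fail-closed mitigation, as an added example that is not sed's own code: open_racy models the two separate operations, while open_checked opens the name once and verifies by device and inode that the file it holds is the resolved target. The function names, the `between` hook that stands in for the attacker's window, and the /tmp fixture are assumptions for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Stands in for the attacker's window: runs between the two filesystem calls. */
typedef void (*window_fn)(void);
/* Racy shape: resolve the name (decides where output goes), then re-open it (decides what is read). */
int open_racy(const char *path, char *target, window_fn between) {
    if (realpath(path, target) == NULL) return -1;
    if (between) between();
    return open(path, O_RDONLY);
}
/* Hardened shape: open once, then confirm the opened file is the resolved target (same dev+ino). */
int open_checked(const char *path, char *target, window_fn between) {
    struct stat fs, ts;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    if (between) between();
    if (realpath(path, target) == NULL || fstat(fd, &fs) != 0 || stat(target, &ts) != 0
        || fs.st_dev != ts.st_dev || fs.st_ino != ts.st_ino) { close(fd); return -1; }
    return fd;                       /* a swapped symlink fails closed above */
}
/* Constructed fixture (assumes /tmp is writable): "link" -> a.txt, swapped to b.txt inside the window. */
static char dir[PATH_MAX], link_path[PATH_MAX];
static void write_file(const char *name, char c) {
    char p[PATH_MAX]; snprintf(p, sizeof p, "%s/%s", dir, name);
    FILE *f = fopen(p, "w"); if (f) { fputc(c, f); fclose(f); }
}
static void swap_symlink(void) { unlink(link_path); symlink("b.txt", link_path); }

/* Returns 1 when the racy open reads 'b' while target still names a.txt, and the checked open refuses. */
int demo(void) {
    char target[PATH_MAX], c = 0;
    strcpy(dir, "/tmp/sedraceXXXXXX");
    if (!mkdtemp(dir)) return 0;
    snprintf(link_path, sizeof link_path, "%s/link", dir);
    write_file("a.txt", 'a'); write_file("b.txt", 'b'); symlink("a.txt", link_path);
    int fd = open_racy(link_path, target, swap_symlink);
    int racy_bad = fd >= 0 && read(fd, &c, 1) == 1 && c == 'b' && strstr(target, "a.txt") != NULL;
    if (fd >= 0) close(fd);
    unlink(link_path); symlink("a.txt", link_path);   /* reset the link for the second run */
    fd = open_checked(link_path, target, swap_symlink);
    if (fd >= 0) close(fd);
    return racy_bad && fd == -1;
}
```

The identity check closes the window for a swapped link but not for every TOCTOU on the path; deriving the output location from the opened descriptor itself, where the platform allows it, removes the second lookup entirely.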
Weakness Enumeration
Related Identifiers
Affected Products
Gnu Sed
Linuxmint
Ubuntu