CVE-2026-35341

Name of the Vulnerable Software and Affected Versions uutils coreutils (affected versions not specified)

Description A flaw in the mkfifo utility allows for the unauthorized modification of permissions on existing files. When the utility fails to create a FIFO because a file already exists at the target path, it does not terminate the operation. Instead, it proceeds to execute a set permissions call, which changes the existing file's permissions to the default mode (typically 644 after umask). This can lead to the exposure of sensitive files, such as SSH private keys, to other users on the system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.