CVE-2026-35342

Name of the Vulnerable Software and Affected Versions uutils coreutils (affected versions not specified)

Description The mktemp utility fails to properly handle an empty TMPDIR environment variable. While other implementations fall back to /tmp when TMPDIR is an empty string, this implementation treats the empty string as a valid path, resulting in temporary files being created in the current working directory. This behavior can lead to unauthorized access to temporary data or information disclosure if the current working directory has more permissive access controls than the intended secure temporary directory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.