PT-2026-34490 · Unknown · Uutils Coreutils

Zellic · Published 2026-04-22 · Updated 2026-04-23 · CVE-2026-35354

CVSS v3.1: 4.7 (Medium)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions

uutils coreutils (affected versions not specified)

Description

A Time-of-Check to Time-of-Use (TOCTOU) issue exists in the mv utility during cross-device moves. The logic for preserving extended attributes (xattr) relies on multiple path-based system calls that perform new path-to-inode lookups for every operation. A local attacker with write access to the directory can exploit this race condition to swap files between calls, resulting in the destination file receiving an inconsistent mix of security xattrs, such as file capabilities or SELinux labels.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
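The general mitigation for the pattern in the description is to run every xattr operation on an already-open descriptor, so that no call repeats the path-to-inode lookup. The C sketch below is an added example, not uutils code and not a published fix; it assumes Linux `<sys/xattr.h>`, and `copy_xattrs_fd` and `demo` are hypothetical names.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/xattr.h>
#include <unistd.h>

/* Hypothetical helper: copy every xattr from src_fd to dst_fd. Each call acts
 * on the inode the descriptor already refers to, so renaming or replacing the
 * directory entry between calls cannot point one call at a different file.
 * Returns the number of attributes copied, or -1 on error. */
int copy_xattrs_fd(int src_fd, int dst_fd) {
    char names[4096], value[4096]; /* fixed sizes are a simplification */
    ssize_t len = flistxattr(src_fd, names, sizeof names);
    if (len < 0) return -1;
    int copied = 0;
    /* names holds NUL-terminated attribute names packed back to back */
    for (char *n = names; n < names + len; n += strlen(n) + 1) {
        ssize_t vlen = fgetxattr(src_fd, n, value, sizeof value);
        if (vlen < 0) return -1;
        if (fsetxattr(dst_fd, n, value, (size_t)vlen, 0) == 0)
            copied++;
        else if (errno != EPERM && errno != EACCES && errno != ENOTSUP)
            return -1;
        /* EPERM/EACCES/ENOTSUP: the caller may not set this namespace on the
         * destination; skipped here, a real tool should report it. */
    }
    return copied;
}

/* Constructed self-check: returns 0 if "user.demo" round-trips, 1 if user
 * xattrs cannot be set on this filesystem, -1 on any other failure. */
int demo(void) {
    char s[] = "./xattr_src_XXXXXX", d[] = "./xattr_dst_XXXXXX", out[8] = {0};
    int rc = -1, sfd = mkstemp(s), dfd = mkstemp(d);
    if (sfd >= 0 && dfd >= 0) {
        if (fsetxattr(sfd, "user.demo", "abc", 3, 0) != 0) rc = 1;
        else if (copy_xattrs_fd(sfd, dfd) >= 1 &&
                 fgetxattr(dfd, "user.demo", out, sizeof out) == 3 &&
                 memcmp(out, "abc", 3) == 0) rc = 0;
    }
    if (sfd >= 0) { unlink(s); close(sfd); }
    if (dfd >= 0) { unlink(d); close(dfd); }
    return rc;
}

int main(void) { return demo() < 0; }
```

In a cross-device move the two descriptors would be the same ones used to read the source data and write the destination data, so the attributes and the contents come from one inode.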

Exploit

Time Of Check To Time Of Use


Weakness Enumeration

Related Identifiers

CVE-2026-35354
GHSA-X4MC-MQM7-GG39

Affected Products

Uutils Coreutils