CVE-2026-35360

Name of the Vulnerable Software and Affected Versions uutils coreutils (affected versions not specified)

Description The touch utility is subject to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file creation. This occurs when the utility identifies a missing path and subsequently attempts creation using the File::create() function, which internally utilizes O TRUNC. An attacker can exploit the timing window to create a file or swap a symlink at the target path, resulting in the truncation of an existing file and permanent data loss.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.