PT-2026-34497 · Unknown · Uutils Coreutils

Zellic · Published 2026-04-22 · Updated 2026-04-23 · CVE-2026-35361

CVSS v3.1: 4.4 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: uutils coreutils (affected versions not specified)

Description: The mknod utility fails to handle security labels atomically because it creates device nodes before setting the SELinux context. If the labeling process fails, the utility attempts cleanup using the std::fs::remove_dir() function, which is unable to remove device nodes or FIFOs. This results in mislabeled nodes remaining with incorrect default contexts, which could allow unauthorized access to device nodes that should be restricted by mandatory access controls.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
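
The cleanup failure in the description can be reproduced with a FIFO, which needs no privileges to create. This is an added example, not uutils code and not a project fix; the helper names, the scratch path and the use of the system `mkfifo` binary are assumptions made for the demonstration.

```rust
use std::fs;
use std::io;
use std::os::unix::fs::FileTypeExt;
use std::path::{Path, PathBuf};
use std::process::Command;

// Constructed fixture: a FIFO in a scratch directory. FIFOs need no privileges,
// unlike block/char device nodes. Assumes the system `mkfifo` binary is on PATH.
fn make_fifo(tag: &str) -> io::Result<PathBuf> {
    let dir = std::env::temp_dir().join(format!("mknod-demo-{}-{}", tag, std::process::id()));
    fs::create_dir_all(&dir)?;
    let node = dir.join("node");
    let _ = fs::remove_file(&node); // clear leftovers from an earlier run
    if !Command::new("mkfifo").arg(&node).status()?.success() {
        return Err(io::Error::new(io::ErrorKind::Other, "mkfifo failed"));
    }
    Ok(node)
}

// Cleanup as the advisory describes it: remove_dir() issues rmdir(2), which
// rejects anything that is not a directory, so the node stays on disk.
fn cleanup_with_remove_dir(node: &Path) -> io::Result<()> {
    fs::remove_dir(node)
}

// Cleanup that works for FIFOs and device nodes: remove_file() issues unlink(2).
fn cleanup_with_remove_file(node: &Path) -> io::Result<()> {
    fs::remove_file(node)
}

// True if a FIFO is still present at `node` (does not follow symlinks).
fn fifo_left_behind(node: &Path) -> bool {
    fs::symlink_metadata(node)
        .map(|m| m.file_type().is_fifo())
        .unwrap_or(false)
}

fn main() -> io::Result<()> {
    let node = make_fifo("main")?;
    let err = cleanup_with_remove_dir(&node).unwrap_err();
    println!("remove_dir failed: {} (node left behind: {})", err, fifo_left_behind(&node));
    cleanup_with_remove_file(&node)?;
    println!("remove_file ok (node left behind: {})", fifo_left_behind(&node));
    fs::remove_dir(node.parent().unwrap()) // scratch directory is a real directory
}
```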

Exploit

Improper Preservation of Permissions


Weakness Enumeration

Related Identifiers

CVE-2026-35361
GHSA-79RC-QPW3-JV92

Affected Products

Uutils Coreutils