CVE-2026-35362

Name of the Vulnerable Software and Affected Versions uutils coreutils (affected versions not specified)

Description The safe traversal module, designed to protect against Time-of-Check to Time-of-Use (TOCTOU) symlink races—a condition where a file is modified between the time it is checked and the time it is used—using file-descriptor-relative syscalls, is incorrectly limited to Linux targets. Consequently, on other Unix-like systems such as macOS and FreeBSD, directory traversal operations are susceptible to symlink race conditions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.