PT-2026-34500 · Unknown · Uutils Coreutils

Zellic · Published 2026-04-22 · Updated 2026-04-23 · CVE-2026-35364

CVSS v3.1: 6.3 (Medium)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

uutils coreutils (affected versions not specified)

Description

A Time-of-Check to Time-of-Use (TOCTOU) race condition occurs in the 'mv' utility during cross-device operations. This happens because the utility removes the destination path before recreating it via a copy operation. A local attacker with write access to the destination directory can replace the destination with a symbolic link during this interval. Consequently, the privileged move operation follows the symlink, enabling the attacker to redirect the write process and overwrite an arbitrary target file with the source contents. TOCTOU is a software bug where a system checks a condition and then assumes it remains true for a subsequent operation, creating a window for manipulation.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
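
One common way to close the window described above, shown as an added example (it is not uutils code and not the project's fix, about which this page has no information): write the copy to a temporary file in the destination directory and rename it over the destination, so the path is never absent and a symlink found there is replaced rather than followed. The function names, the temp-file name and the constructed scenario in `demo` are assumptions for illustration; Unix only.

```rust
use std::fs::{self, OpenOptions};
use std::io::{self, Write};
use std::os::unix::fs::symlink;
use std::path::Path;

// Hardened ordering: never unlink `dest` first. Write a temp file in the same
// directory (same filesystem, so rename is atomic), then rename it over `dest`.
fn copy_then_rename(src: &Path, dest: &Path) -> io::Result<()> {
    let dir = dest.parent().unwrap_or(Path::new("."));
    let tmp = dir.join(format!(".mv-tmp-{}", std::process::id())); // hypothetical name
    let data = fs::read(src)?;
    // create_new is O_CREAT|O_EXCL: it fails if `tmp` already exists, symlink included.
    let mut f = OpenOptions::new().write(true).create_new(true).open(&tmp)?;
    f.write_all(&data)?;
    f.sync_all()?;
    drop(f);
    // rename(2) replaces the directory entry; it does not follow a symlink at `dest`.
    fs::rename(&tmp, dest).map_err(|e| { let _ = fs::remove_file(&tmp); e })
}

// Constructed scenario: `dest` is already a symlink to `protected` at the moment
// the write happens, which is the state the race in the advisory produces.
// hardened = false models the copy step alone (fs::copy opens `dest` by path).
// Returns (protected contents, dest contents, dest is still a symlink).
fn demo(hardened: bool) -> io::Result<(String, String, bool)> {
    let dir = std::env::temp_dir()
        .join(format!("toctou-demo-{}-{}", std::process::id(), hardened));
    let _ = fs::remove_dir_all(&dir);
    fs::create_dir_all(&dir)?;
    let (src, dest, protected) = (dir.join("src"), dir.join("dest"), dir.join("protected"));
    fs::write(&src, "source data")?;
    fs::write(&protected, "protected data")?;
    symlink(&protected, &dest)?;
    if hardened { copy_then_rename(&src, &dest)? } else { fs::copy(&src, &dest).map(|_| ())? }
    let out = (fs::read_to_string(&protected)?, fs::read_to_string(&dest)?,
               fs::symlink_metadata(&dest)?.file_type().is_symlink());
    fs::remove_dir_all(&dir)?;
    Ok(out)
}

fn main() -> io::Result<()> {
    println!("copy onto symlink: {:?}", demo(false)?);
    println!("temp + rename:     {:?}", demo(true)?);
    Ok(())
}
```

This protects only the final path component; if parent directories are also writable by untrusted users, the same operations need to be done relative to an already-opened directory handle (`openat`/`renameat`).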

Exploit

Time Of Check To Time Of Use

Weakness Enumeration

Related Identifiers

CVE-2026-35364
GHSA-M976-87WM-48FM

Affected Products

Uutils Coreutils