CVE-2026-35353 PUBLISHED

uutils coreutils mkdir Permission Exposure Race Condition with -m

Assigner: canonical
Reserved: 02.04.2026 Published: 22.04.2026 Updated: 22.04.2026

The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions (typically 0755) before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces a brief window where a directory intended to be private is accessible to other users, potentially leading to unauthorized data access.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS Score: 3.3

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	Uutils
Product	coreutils
Versions	Default: unaffected affected from 0 to 0.6.0 (excl.)

Credits

Zellic finder

References

Problem Types

CWE-367: Time-of-Check Time-of-Use (TOCTOU) Race Condition CWE

Impacts

CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions