What is CVE-2026-35361?

CVE-2026-35361 is a low-severity vulnerability in Uutils Coreutils, classified under Improper Preservation of Permissions. CVSS score: 3.4/10. Published 2026-04-22.

How severe is CVE-2026-35361?

Low severity. CVSS v3 base score is 3.4 out of 10.

Vulnerability in Uutils Coreutils

CVE-2026-35361

The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::remove_dir, which cannot remove de…

EPSS: 0.000 (4.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.4 (Low). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N.

Affected products

Uutils Coreutils — versions 0

Weakness classification (CWE)

CWE-281 — Improper Preservation of Permissions
CWE-459 — Incomplete Cleanup

References

github.com/uutils/coreutils/pull/10582 (issue-tracking, patch)
github.com/uutils/coreutils/releases/tag/0.6.0 (vendor-advisory)

Frequently asked questions

What is CVE-2026-35361?: CVE-2026-35361 is a low-severity vulnerability in Uutils Coreutils, classified under Improper Preservation of Permissions. CVSS score: 3.4/10. Published 2026-04-22.
How severe is CVE-2026-35361?: Low severity. CVSS v3 base score is 3.4 out of 10.