Vulnerability in GNU sed
CVE-2026-5958
When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem operations on the same path: 1. it resolves the symlink to its target and stores the resolved path…
Vulnerability class: TOCTOU (Time-of-Check to Time-of-Use)
EPSS: 0.000 (percentile: 0.3)
Affected products
- GNU sed — versions 4.1e
Weakness classification (CWE)