CVE-2026-35361 LOW

CVE-2026-35361: uutils coreutils mknod Security Label Inconsistency and Broken Cleanup on SELinux Systems

Vendor Uutils
Product coreutils
Weakness CWE-281
Published April 22, 2026
Last update April 22, 2026

CVSS base score

3.4/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::remove_dir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind with incorrect default contexts, potentially allowing unauthorized access to device nodes that should have been restricted by mandatory access controls.

Key dates

02Disclosure timeline

April 22, 2026 CVE published
April 22, 2026 Record updated