uutils mkfifo Flaw Exposes Sensitive Files to Permission Changes
A critical vulnerability, CVE-2026-35341, exists within the uutils coreutils mkfifo utility, as detailed by the National Vulnerability Database. This flaw enables unauthorized modification of permissions on pre-existing files. The issue arises when mkfifo fails to create a FIFO because a file already occupies the target path; instead of terminating, it proceeds to execute a set_permissions call.
This oversight results in the existing file’s permissions being reset to a default mode, frequently 644 after umask application. The National Vulnerability Database warns that this could expose highly sensitive data, such as SSH private keys, to other unauthorized users on the system. The vulnerability carries a CVSS score of 7.1 (HIGH), indicating a significant risk to confidentiality and integrity.
For defenders, this is a clear operational security issue. The attacker’s calculus is simple: exploit a common utility’s error handling to achieve privilege escalation or lateral movement by exposing critical credentials. CISOs must understand that this isn’t about arbitrary code execution, but about undermining fundamental file system security. It’s a silent permission change that can open the door to far more damaging attacks.
What This Means For You
- If your Linux systems utilize uutils coreutils, specifically mkfifo, you need to assess your exposure. This vulnerability could silently expose SSH private keys and other sensitive files by altering their permissions. Prioritize auditing file permissions in critical directories and ensure your systems are patched against CVE-2026-35341 as soon as a fix is available.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-35341: uutils mkfifo permission modification on existing file
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-35341 | Misconfiguration | uutils coreutils mkfifo |
| CVE-2026-35341 | Information Disclosure | Unauthorized modification of permissions on existing files by mkfifo |
| CVE-2026-35341 | Privilege Escalation | Existing file's permissions changed to default mode (e.g., 644) by mkfifo, exposing sensitive files like SSH private keys |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 22, 2026 at 20:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related Posts
CVE-2026-34066 — nimiq-blockchain provides persistent block storage for
CVE-2026-34066 — nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryStore::put_historic_txns` uses an `assert!` to enforce invariants about `HistoricTransaction.block_number` (must...
Nimiq Primitives Node Panic via Malformed BLS Key
CVE-2026-34065 — nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can...
CVE-2026-34064 — nimiq-account contains account primitives to be used in
CVE-2026-34064 — nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to version 1.3.0, `VestingContract::can_change_balance` returns `AccountError::InsufficientFunds` when `new_balance < min_cap`, but...