What is CVE-2026-35360?

A medium-severity vulnerability exists in the touch utility of uutils coreutils, exposing organizations to data loss through a TOCTOU race condition. Immediate patching is advised to mitigate risks.

What is the severity of CVE-2026-35360?

CVE-2026-35360 has a severity rating of MEDIUM with a CVSS base score of 6.3.

CVE-2026-35360 | Medium Vulnerability in uutils coreutils

The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file creation. This vulnerability allows attackers to exploit a window of opportunity when the utility identifies a missing path and later attempts to create it using File::create(). The internal use of O_TRUNC in this process can lead to the unintended truncation of an existing file, resulting in permanent data loss.

This vulnerability has been rated with a CVSS score of 6.3, categorizing it as medium severity. The implications of this issue are significant, as it can lead to integrity and availability impacts. Organizations using the affected versions of uutils coreutils should prioritize patching to prevent potential exploitation.

As of now, there are no known exploits in the wild, but the nature of the vulnerability means it could easily be weaponized by attackers. Therefore, the urgency for defenders to remediate is high. Organizations should implement the necessary patches as soon as they become available.

Risk to organizations includes potential data loss and unavailability of critical systems. Given the medium severity and the potential impact, it is crucial to address this vulnerability in a timely manner.

Organizations should prioritize patching immediately.

Vulnerability Details

The official description states that the vulnerability exists in the touch utility of uutils coreutils, which suffers from a TOCTOU race condition during file creation. The CVSS score of 6.3 indicates medium severity, and the primary impact is on the integrity and availability of data. This vulnerability is categorized under CWE-367.

Affected versions are those of coreutils as indicated in the CVE data. The vulnerability was published on April 22, 2026, and has been analyzed for its risk and impact.

Technical Analysis

The root cause of this vulnerability is the TOCTOU race condition present in the touch utility. Attackers may leverage this condition by creating a file or swapping a symlink at the target path after the utility checks for the existence of the path but before it attempts to create it. The attack vector is local, and the complexity of the attack is high. The privilege required for exploitation is low, and user interaction is not necessary.

The confidentiality impact is minimal, as there is no expected leak of sensitive information. However, the integrity and availability impacts are significant, leading to potential data loss and system unavailability.

Risk & Impact Analysis

Organizations deploying the affected versions of coreutils are at risk of data loss due to the nature of this vulnerability. The ability for attackers to exploit this race condition can have a significant blast radius, especially in environments where critical data is processed or stored. The urgency assessment based on the CVSS score indicates that this vulnerability should be addressed in the priority patch cycle.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The vulnerable configuration is found in coreutils from uutils, specifically any version before the patch has been released. It is vital for organizations to upgrade to the latest version once it is available.

Mitigation & Remediation

Organizations should monitor for updates regarding the patch for this vulnerability and apply it as soon as it is released. In the meantime, implementing strict access controls and monitoring file creation processes can help mitigate potential risks. For comprehensive security practices, organizations may consider engaging in penetration testing to evaluate their security posture.

Detection Guidance

Monitoring file creation logs and tracking behavioral anomalies in file handling can aid in the early detection of potential exploitation attempts. Security teams should also focus on identifying any unauthorized changes to critical files.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in its representation of potential weaknesses in file handling at a system level. The TOCTOU race condition highlights the need for robust validation mechanisms during file operations to prevent similar issues. Security teams should take this as a strategic takeaway to enhance their defensive measures against such vulnerabilities.

Organizations may also benefit from reviewing their security practices by referencing the penetration testing methodology and assessing their approach to vulnerability management in light of this incident.

Additionally, ongoing education and awareness programs can empower teams to identify and address similar vulnerabilities proactively.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2026-35360: Medium Vulnerability in uutils coreutils