{"uuid": "4b748536-623b-4b46-b79d-d8bddcdf2983", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35361", "type": "seen", "source": "https://gist.github.com/alon710/6c1cffea0af70b2d894e0c1c7fb89b36", "content": "# CVE-2026-35361: CVE-2026-35361: Security Permission Bypass via Improper File Cleanup in uutils coreutils mknod\n\n&gt; **CVSS Score:** 3.4\n&gt; **Published:** 2026-07-06\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-35361\n\n## Summary\nA security permission bypass vulnerability exists in the mknod utility of uutils coreutils on Linux systems utilizing SELinux. The utility fails to atomically assign SELinux security contexts during special file creation. When assignment fails, the program attempts cleanup using an incorrect file system API, which fails silently. This leaves mislabeled, orphaned special files on disk with potentially weaker default inherited permissions.\n\n## TL;DR\nThe mknod utility in uutils coreutils fails to clean up orphaned special files when SELinux labeling fails because it incorrectly attempts to delete them using rmdir instead of unlink. This leaves mislabeled device nodes or FIFOs on disk under default permissions, bypassing mandatory access controls.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-281, CWE-459\n- **Attack Vector**: Local\n- **CVSS Score**: 3.4\n- **EPSS Score**: 0.00142 (0.142%)\n- **Exploit Status**: Proof of Concept\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- Linux systems utilizing SELinux where uutils coreutils mknod is installed\n- **uutils coreutils**: &lt; 0.6.0 (Fixed in: `0.6.0`)\n\n## Mitigation\n\n- Upgrade to uutils coreutils version 0.6.0 or later to ensure proper cleanup of orphaned special files.\n- Validate that newly created nodes do not exist on the filesystem if a mknod command fails when setting a custom context.\n- Implement automated filesystem integrity and security context audits on sensitive device directories.\n\n**Remediation Steps:**\n1. Identify installations of uutils coreutils older than version 0.6.0.\n2. Apply the update to version 0.6.0 or newer via the system package manager or Cargo compile.\n3. Deploy the configuration changes to active auditing tools (such as Auditd) to monitor for failed cleanup attempts.\n4. Verify the installation by running the validation test script to confirm proper cleanup of invalid contexts.\n\n## References\n\n- [GitHub Pull Request #10582](https://github.com/uutils/coreutils/pull/10582)\n- [GitHub Fix Commit](https://github.com/uutils/coreutils/commit/42b2ad83cdcf6e959ecb378c5040c60d9c64becf)\n- [uutils coreutils 0.6.0 Release Notes](https://github.com/uutils/coreutils/releases/tag/0.6.0)\n- [CVE Record for CVE-2026-35361](https://www.cve.org/CVERecord?id=CVE-2026-35361)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-35361) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-06T23:11:39.098159Z"}