216.73.216.170

CVE-2026-35361

· Published 22/04/2026 17:16 · Modified 22/04/2026 21:23

Labels: CVE-2026-35361 2026-04-22CVE-2026-35361CWE-281[email protected]

Essential information

Published
22/04/2026 17:16
Modified
22/04/2026 21:23
Author
Creator
CVSS
3.4 LOW (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

CVSS metrics

Description

The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::remove_dir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind with incorrect default contexts, potentially allowing unauthorized access to device nodes that should have been restricted by mandatory access controls.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
uutils / coreutils cpe:2.3:a:uutils:coreutils:*:*:*:*:*:*:*:*

References