Tag
A vulnerability (CVE-2026-35341) exists in the `uu_mkfifo` utility of `uutils coreutils`, affecting versions prior to 0.6.0. When `mkfifo()` fails because the target file already exists, the utility incorrectly proceeds to modify the permissions of the pre-existing file to `0644`. This can inadvertently relax permissions on sensitive owner-only files, such as SSH private keys, making them accessible to other users on the system and potentially enabling unauthorized access or information disclosure. The issue has been patched in PR #10376.