HOMEVULNERABILITIESCVE-2026-35376
MEDIUM

CVE-2026-35376

CWE-367Published: April 22, 2026· Updated: Apr 22, 2026

4.5
CVSS v3.1
EPSS:0.01%probability of exploitation in 30 daysPercentile:1.5th

Official Description

A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the chcon utility of uutils coreutils during recursive operations. The implementation resolves recursive targets using a fresh path lookup (via fts_accpath) rather than binding the traversal and label application to the specific directory state encountered during traversal. Because these operations are not anchored to file descriptors, a local attacker with write access to a directory tree can exploit timing-sensitive rename or symbolic link races to redirect a privileged recursive relabeling operation to unintended files or directories. This vulnerability breaks the hardening expectations for SELinux administration workflows and can lead to the unauthorized modification of security labels on sensitive system objects.

NVD Source

Technical Analysis

CVE-2026-35376 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorLocal
Attack ComplexityHigh
Privileges Req.Low
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityLow
IntegrityLow
AvailabilityLow
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (2)

Quick Facts

CVE IDCVE-2026-35376
CVSS Score4.5 / 10
SeverityMEDIUM
WeaknessCWE-367
CISA KEVNo
EPSS (30d)0.01%
PublishedApr 22, 2026

Related CVEs (CWE-367)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-35376 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.