Nixpkgs security tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2026-35342

3.3 LOW

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE

created 6 days, 11 hours ago Activity log

Created suggestion 6 days, 11 hours ago

uutils coreutils mktemp Insecure Temporary File Placement via Empty TMPDIR

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the current working directory (CWD) instead of the intended secure temporary directory. If the CWD is more permissive or accessible to other users than /tmp, it may lead to unintended information disclosure or unauthorized access to temporary data.

References

https://github.com/uutils/coreutils/pull/10566 issue-trackingpatch
https://github.com/uutils/coreutils/releases/tag/0.6.0 vendor-advisory

Affected products

coreutils

<0.6.0

Matching in nixpkgs

pkgs.coreutils

GNU Core Utilities

nixos-unstable 9.10
- nixpkgs-unstable 9.10
- nixos-unstable-small 9.10
nixos-25.11 9.8
- nixos-25.11-small 9.8
- nixpkgs-25.11-darwin 9.8

pkgs.coreutils-full

GNU Core Utilities

nixos-unstable 9.10
- nixpkgs-unstable 9.10
- nixos-unstable-small 9.10
nixos-25.11 9.8
- nixos-25.11-small 9.8
- nixpkgs-25.11-darwin 9.8

pkgs.policycoreutils

SELinux policy core utilities

nixos-unstable 3.10
- nixpkgs-unstable 3.10
- nixos-unstable-small 3.10
nixos-25.11 3.8.1
- nixos-25.11-small 3.8.1
- nixpkgs-25.11-darwin 3.8.1

pkgs.uutils-coreutils

Cross-platform Rust rewrite of the GNU coreutils

nixos-unstable 0.8.0
- nixpkgs-unstable 0.8.0
- nixos-unstable-small 0.8.0
nixos-25.11 0.6.0
- nixos-25.11-small 0.6.0
- nixpkgs-25.11-darwin 0.6.0

pkgs.coreutils-prefixed

GNU Core Utilities

nixos-unstable 9.10
- nixpkgs-unstable 9.10
- nixos-unstable-small 9.10
nixos-25.11 9.8
- nixos-25.11-small 9.8
- nixpkgs-25.11-darwin 9.8

pkgs.uutils-coreutils-noprefix

Cross-platform Rust rewrite of the GNU coreutils

nixos-unstable 0.8.0
- nixpkgs-unstable 0.8.0
- nixos-unstable-small 0.8.0
nixos-25.11 0.6.0
- nixos-25.11-small 0.6.0
- nixpkgs-25.11-darwin 0.6.0

pkgs.minimal-bootstrap.coreutils

The GNU Core Utilities

nixos-unstable 5.0
- nixpkgs-unstable 5.0
- nixos-unstable-small 5.0

pkgs.selinuxPackages.policycoreutils

SELinux policy core utilities

nixos-unstable 3.10
- nixpkgs-unstable 3.10
- nixos-unstable-small 3.10

pkgs.minimal-bootstrap.coreutils-musl

The GNU Core Utilities

nixos-unstable 9.9
- nixpkgs-unstable 9.9
- nixos-unstable-small 9.9

pkgs.minimal-bootstrap.coreutils-static

The GNU Core Utilities

nixos-unstable 9.9
- nixpkgs-unstable 9.9
- nixos-unstable-small 9.9

Package maintainers

@dasJ Janne Heß <janne@hess.ooo>
@mdaniels5757 Michael Daniels <nix@mdaniels.me>
@infinisil Silvan Mosberger <contact@infinisil.com>
@pyrox0 Pyrox <pyrox@pyrox.dev>
@balsoft Alexander Bantyev <balsoft75@gmail.com>
@siraben Siraphob Phipathananunth <bensiraphob@gmail.com>
@Gskartwii Aleksi Hannula <ahannula4@gmail.com>
@06kellyjac Jack <hello+nixpkgs@j-k.io>
@emilytrau Emily Trau <emily+nix@downunderctf.com>
@Ericson2314 John Ericson <John.Ericson@Obsidian.Systems>
@Artturin Artturi N <artturin@artturin.com>
@alejandrosame Alejandro Sánchez Medina <alejandrosanchzmedina@gmail.com>
@RossComputerGuy Tristan Ross <tristan.ross@midstall.com>
@numinit Morgan Jones <me+nixpkgs@numin.it>
@matthiasbeyer Matthias Beyer <mail@beyermatthias.de>
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>