Bug 2458960 (CVE-2026-5958) - CVE-2026-5958 sed: GNU sed TOCTOU race condition
Summary: CVE-2026-5958 sed: GNU sed TOCTOU race condition
Keywords:
Status: NEW
Alias: CVE-2026-5958
Deadline: 2026-04-19
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-04-16 16:21 UTC by OSIDB Bzimport
Modified: 2026-05-28 13:36 UTC (History)
9 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-04-16 16:21:19 UTC
A Time-of-Check Time-of-Use (TOCTOU) race condition was found in GNU sed. When the -i (in-place) and --follow-symlinks options are used together, sed resolves the symlink but reopens the path for writing. An attacker with write access to the directory containing the symlink can swap it between the check and the open operations. If a privileged user executes sed in this manner on a path influenced by the attacker, it can lead to arbitrary file overwrites and potential privilege escalation.


Note You need to log in before you can comment on or make changes to this bug.