2460767 – (CVE-2026-35342) CVE-2026-35342 rust-coreutils: mktemp: insecure temporary file placement via empty TMPDIR

Bug 2460767 (CVE-2026-35342) - CVE-2026-35342 rust-coreutils: mktemp: insecure temporary file placement via empty TMPDIR

Summary: CVE-2026-35342 rust-coreutils: mktemp: insecure temporary file placement via ...

Keywords:
Status:	NEW
Alias:	CVE-2026-35342
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2461170 2461171
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-22 17:01 UTC by OSIDB Bzimport
Modified:	2026-04-24 19:00 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-22 17:01:32 UTC

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the current working directory (CWD) instead of the intended secure temporary directory. If the CWD is more permissive or accessible to other users than /tmp, it may lead to unintended information disclosure or unauthorized access to temporary data.

Note You need to log in before you can comment on or make changes to this bug.