Medium-Severity Security Flaw Found in uutils coreutils Install Utility

A Time-of-Check to Time-of-Use (TOCTOU) vulnerability, tracked as CVE-2026-35356, has been identified in the `install` utility of uutils coreutils. This flaw specifically affects the utility when the -D flag is used. An attacker with concurrent write access could potentially exploit this to redirect privileged writes to arbitrary file system locations. The vulnerability has been rated with a CVSSv3 base score of 6.3, indicating its medium severity.