diff --git a/uwac/libuwac/uwac-os.c b/uwac/libuwac/uwac-os.c
index 449252f50..588bc478b 100644
--- a/uwac/libuwac/uwac-os.c
+++ b/uwac/libuwac/uwac-os.c
@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <sys/epoll.h>
+#include <sys/stat.h>
 
 #include <uwac/config.h>
 
@@ -178,6 +179,14 @@ int uwac_os_epoll_create_cloexec(void)
 	return set_cloexec_or_close(fd);
 }
 
+static int secure_mkstemp(char* tmpname)
+{
+	const mode_t mask = umask(S_IRWXU);
+	int fd = mkstemp(tmpname);
+	(void)umask(mask);
+	return fd;
+}
+
 static int create_tmpfile_cloexec(char* tmpname)
 {
 	int fd = 0;
@@ -190,7 +199,7 @@ static int create_tmpfile_cloexec(char* tmpname)
 		unlink(tmpname);
 
 #else
-	fd = mkstemp(tmpname);
+	fd = secure_mkstemp(tmpname);
 
 	if (fd >= 0)
 	{
diff --git a/winpr/libwinpr/file/test/TestFileDeleteFile.c b/winpr/libwinpr/file/test/TestFileDeleteFile.c
index 500693133..40649dba5 100644
--- a/winpr/libwinpr/file/test/TestFileDeleteFile.c
+++ b/winpr/libwinpr/file/test/TestFileDeleteFile.c
@@ -5,6 +5,22 @@
 #include <winpr/file.h>
 #include <winpr/windows.h>
 
+#if !defined(_WIN32)
+#include <sys/stat.h>
+#endif
+
+static int secure_mkstemp(char* tmpname)
+{
+#if !defined(_WIN32)
+	const mode_t mask = umask(S_IRWXU);
+#endif
+	int fd = mkstemp(tmpname);
+#if !defined(_WIN32)
+	(void)umask(mask);
+#endif
+	return fd;
+}
+
 int TestFileDeleteFile(int argc, char* argv[])
 {
 	BOOL rc = FALSE;
@@ -28,7 +44,7 @@ int TestFileDeleteFile(int argc, char* argv[])
 	if (rc)
 		return -1;
 
-	fd = mkstemp(validA);
+	fd = secure_mkstemp(validA);
 	if (fd < 0)
 		return -1;
 
@@ -36,7 +52,7 @@ int TestFileDeleteFile(int argc, char* argv[])
 	if (!rc)
 		return -1;
 
-	fd = mkstemp(validW);
+	fd = secure_mkstemp(validW);
 	if (fd < 0)
 		return -1;