diff --git a/src/util-mpm-hs-cache.c b/src/util-mpm-hs-cache.c
index 58a2aa6ab4..8bdfdfe20a 100644
--- a/src/util-mpm-hs-cache.c
+++ b/src/util-mpm-hs-cache.c
@@ -374,7 +374,15 @@ int SCHSCachePruneEvaluate(MpmConfig *mpm_conf, HashTable *inuse_caches)
             continue;
 
         struct stat st;
-        if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
+        /* TOCTOU: race window between stat and unlink is acceptable here.
+         * On Linux somebody can still modify (use the cache file) between the
+         * fstat and unlink, on Windows (HS not supported there but still relevant)
+         * TOCTOU happens when closing the file descriptor and unlinking the file.
+         * Cache mechanism is best-effort and e.g. not pruning or pruning an extra
+         * cache file is not problematic.
+         * Stat is used here to ease file handling as fstat doesn't bring any benefit */
+        /* coverity[toctou] */
+        if (SCStatFn(path, &st) != 0 || !S_ISREG(st.st_mode))
             continue;
 
         considered++;
@@ -388,7 +396,9 @@ int SCHSCachePruneEvaluate(MpmConfig *mpm_conf, HashTable *inuse_caches)
         if (cache_inuse != NULL)
             continue; // in use
 
-        if (unlink(path) == 0) {
+        /* coverity[toctou] */
+        int ret = unlink(path);
+        if (ret == 0 || (ret == -1 && errno == ENOENT)) {
             removed++;
             SCLogDebug("File %s removed because of %s%s%s", path, prune_by_age ? "age" : "",
                     prune_by_age && prune_by_version ? " and " : "",