Vulnerability in Uutils Coreutils
CVE-2026-35365
The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real…
EPSS: 0.000 (3.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.6 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L.
Affected products
- Uutils Coreutils — versions 0
Weakness classification (CWE)
References
- security@ubuntu.com (issue-tracking, Patch, patch, Issue Tracking)
- security@ubuntu.com (vendor-advisory, Release Notes)
Frequently asked questions
- What is CVE-2026-35365?
- CVE-2026-35365 is a medium-severity vulnerability in Uutils Coreutils, classified under Improper Link Resolution Before File Access. CVSS score: 6.6/10. Published 2026-04-22.
- How severe is CVE-2026-35365?
- Medium severity. CVSS v3 base score is 6.6 out of 10.