Uutils Coreutils
44 CVEs affecting Uutils Coreutils. Latest disclosed: 2026-04-22. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-35338 | High | 7.3 | 2026-04-22 | A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the… |
| CVE-2026-35368 | High | 7.2 | 2026-04-22 | A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam() a… |
| CVE-2026-35341 | High | 7.1 | 2026-04-22 | A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO becaus… |
| CVE-2026-35352 | High | 7.0 | 2026-04-22 | A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mkfifo utility of uutils coreutils. The utility creates a FIFO and then performs a path-ba… |
| CVE-2026-35349 | Medium | 6.7 | 2026-04-22 | A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather tha… |
| CVE-2026-35365 | Medium | 6.6 | 2026-04-22 | The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preservin… |
| CVE-2026-35350 | Medium | 6.6 | 2026-04-22 | The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p (preserve) flag… |
| CVE-2026-35374 | Medium | 6.3 | 2026-04-22 | A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the split utility of uutils coreutils. The program attempts to prevent data loss by checking fo… |
| CVE-2026-35364 | Medium | 6.3 | 2026-04-22 | A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the des… |
| CVE-2026-35360 | Medium | 6.3 | 2026-04-22 | The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file creation. When the utility identifies… |
| CVE-2026-35356 | Medium | 6.3 | 2026-04-22 | A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent dire… |
| CVE-2026-35355 | Medium | 6.3 | 2026-04-22 | The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file installation. The implementation un… |
| CVE-2026-35363 | Medium | 5.6 | 2026-04-22 | A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility co… |
| CVE-2026-35380 | Medium | 5.5 | 2026-04-22 | A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the literal two-byte string '' (two single quotes) as an empty… |
| CVE-2026-35369 | Medium | 5.5 | 2026-04-22 | An argument parsing error in the kill utility of uutils coreutils incorrectly interprets kill -1 as a request to send the default signal (SIGTERM) to PID -1. S… |
| CVE-2026-35340 | Medium | 5.5 | 2026-04-22 | A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The fin… |
| CVE-2026-35339 | Medium | 5.5 | 2026-04-22 | The recursive mode (-R) of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is deter… |
| CVE-2026-35348 | Medium | 5.5 | 2026-04-22 | The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The imple… |
| CVE-2026-35345 | Medium | 5.3 | 2026-04-22 | A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU… |
| CVE-2026-35372 | Medium | 5.0 | 2026-04-22 | A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference (or -n) flag is exp… |