Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-35365

Summary
Assigner-canonical
Assigner Org ID-cc1ad9ee-3454-478d-9317-d3e869d708bc
Published At-22 Apr, 2026 | 16:08
Updated At-22 Apr, 2026 | 17:59
Rejected At-
Credits

uutils coreutils mv Denial of Service and Data Duplication via Improper Symlink Expansion

The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to resource exhaustion (disk space or time) if symlinks point to large external directories, unexpected duplication of sensitive data into unintended locations, or infinite recursion and repeated copying in the presence of symlink loops.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:canonical
Assigner Org ID:cc1ad9ee-3454-478d-9317-d3e869d708bc
Published At:22 Apr, 2026 | 16:08
Updated At:22 Apr, 2026 | 17:59
Rejected At:
▼CVE Numbering Authority (CNA)
uutils coreutils mv Denial of Service and Data Duplication via Improper Symlink Expansion

The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to resource exhaustion (disk space or time) if symlinks point to large external directories, unexpected duplication of sensitive data into unintended locations, or infinite recursion and repeated copying in the presence of symlink loops.

Affected Products
Vendor
Uutils
Product
coreutils
Collection URL
https://github.com/uutils
Package Name
coreutils
Repo
https://github.com/uutils/coreutils
Platforms
  • Linux
  • Unix
  • macOS
Default Status
unaffected
Versions
Affected
  • From 0 before 0.7.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-59CWE-59: Improper Link Resolution Before File Access ('Link Following')
Type: CWE
CWE ID: CWE-59
Description: CWE-59: Improper Link Resolution Before File Access ('Link Following')
Metrics
VersionBase scoreBase severityVector
3.16.6MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Version: 3.1
Base score: 6.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-132CAPEC-132: Symlink Attack
CAPEC ID: CAPEC-132
Description: CAPEC-132: Symlink Attack
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Zellic
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/uutils/coreutils/pull/10546
issue-tracking
patch
https://github.com/uutils/coreutils/releases/tag/0.7.0
vendor-advisory
Hyperlink: https://github.com/uutils/coreutils/pull/10546
Resource:
issue-tracking
patch
Hyperlink: https://github.com/uutils/coreutils/releases/tag/0.7.0
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@ubuntu.com
Published At:22 Apr, 2026 | 17:16
Updated At:04 May, 2026 | 18:53

The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to resource exhaustion (disk space or time) if symlinks point to large external directories, unexpected duplication of sensitive data into unintended locations, or infinite recursion and repeated copying in the presence of symlink loops.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.6MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Type: Secondary
Version: 3.1
Base score: 6.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
CPE Matches
uutils
uutils
>>coreutils>>Versions before 0.7.0(exclusive)
cpe:2.3:a:uutils:coreutils:*:*:*:*:*:rust:*:*
Weaknesses
CWE IDTypeSource
CWE-59Secondarysecurity@ubuntu.com
CWE ID: CWE-59
Type: Secondary
Source: security@ubuntu.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/uutils/coreutils/pull/10546security@ubuntu.com
Issue Tracking
Patch
https://github.com/uutils/coreutils/releases/tag/0.7.0security@ubuntu.com
Release Notes
Hyperlink: https://github.com/uutils/coreutils/pull/10546
Source: security@ubuntu.com
Resource:
Issue Tracking
Patch
Hyperlink: https://github.com/uutils/coreutils/releases/tag/0.7.0
Source: security@ubuntu.com
Resource:
Release Notes

Change History

0
Information is not available yet

Similar CVEs

4Records found
CVE-2026-35350
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-6.6||MEDIUM
EPSS-0.01% / 1.74%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 16:08
Updated-24 Apr, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
uutils coreutils cp Unexpected Privileged Executable Creation with -p

The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p (preserve) flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining original privileged bits, creating unexpected privileged executables that violate local security policies. This differs from GNU cp, which clears these bits when ownership cannot be preserved.

Action-Not Available
Vendor-uutilsUutils
Product-coreutilscoreutils
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2026-35345
Matching Score-6
Assigner-Canonical Ltd.
ShareView Details
Matching Score-6
Assigner-Canonical Ltd.
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 1.64%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 16:07
Updated-04 May, 2026 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
uutils coreutils tail Privileged Information Disclosure via Symlink Replacement Race

A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, the uutils implementation continues to monitor a path after it has been replaced by a symbolic link, subsequently outputting the contents of the link's target. In environments where a privileged user (e.g., root) monitors a log directory, a local attacker with write access to that directory can replace a log file with a symlink to a sensitive system file (such as /etc/shadow), causing tail to disclose the contents of the sensitive file.

Action-Not Available
Vendor-uutilsUutils
Product-coreutilscoreutils
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-35359
Matching Score-6
Assigner-Canonical Ltd.
ShareView Details
Matching Score-6
Assigner-Canonical Ltd.
CVSS Score-4.7||MEDIUM
EPSS-0.02% / 4.30%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 16:08
Updated-24 Apr, 2026 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
uutils coreutils cp Information Disclosure via Time-of-Check to Time-of-Use Symlink Swap

A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks if a source path is a symbolic link using path-based metadata but subsequently opens it without the O_NOFOLLOW flag. An attacker with concurrent write access can swap a regular file for a symbolic link during this window, causing a privileged cp process to copy the contents of arbitrary sensitive files into a destination controlled by the attacker.

Action-Not Available
Vendor-uutilsUutils
Product-coreutilscoreutils
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-35349
Matching Score-6
Assigner-Canonical Ltd.
ShareView Details
Matching Score-6
Assigner-Canonical Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.96%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 16:07
Updated-27 Apr, 2026 | 12:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
uutils coreutils Path-Based Safety Bypass with --preserve-root

A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to identify the root directory. An attacker or accidental user can bypass this safeguard by using a symbolic link that resolves to the root directory (e.g., /tmp/rootlink -> /), potentially leading to the unintended recursive deletion of the entire root filesystem.

Action-Not Available
Vendor-uutilsUutils
Product-coreutilscoreutils
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
Details not found