ByteOS Network

NVD Vulnerability Details :

CVE-2026-35340

Analyzed

Source-security@ubuntu.com

Published At-22 Apr, 2026 | 17:16

Updated At-04 May, 2026 | 20:12

A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownership or group changes failed due to permission errors. This can lead to security misconfigurations where administrative scripts incorrectly assume that ownership has been successfully transferred across a directory tree.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Type: Secondary

Version: 3.1

Base score: 5.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CPE Matches

uutils>>coreutils>>Versions before 0.6.0(exclusive)

cpe:2.3:a:uutils:coreutils:*:*:*:*:*:rust:*:*

Weaknesses

CWE ID	Type	Source
CWE-253	Secondary	security@ubuntu.com

CWE ID: CWE-253

Type: Secondary

Source: security@ubuntu.com

References

Hyperlink	Source	Resource
https://github.com/uutils/coreutils/pull/10035	security@ubuntu.com	Issue Tracking Patch
https://github.com/uutils/coreutils/releases/tag/0.6.0	security@ubuntu.com	Release Notes

Hyperlink: https://github.com/uutils/coreutils/pull/10035

Source: security@ubuntu.com

Resource:

Issue Tracking

Patch

Hyperlink: https://github.com/uutils/coreutils/releases/tag/0.6.0

Source: security@ubuntu.com

Resource:

Release Notes

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History