CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/04/22 4:8 p.m.•4 views

CVE-2026-35350 uutils coreutils cp Unexpected Privileged Executable Creation with -p

The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...

6.6CVSS5.7AI score0.00125EPSS

Exploits1References1

Debian CVE•added 2026/04/22 4:8 p.m.•1 views

CVE-2026-35350

6.6CVSS5.3AI score0.00125EPSS

Vulnrichment•added 2026/04/22 4:7 p.m.•4 views

CVE-2026-35349 uutils coreutils Path-Based Safety Bypass with --preserve-root

A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to identify the root directory. An attacker or accidental user can bypass this safeguard by using a...

6.7CVSS5.8AI score0.00184EPSS

Debian CVE•added 2026/04/22 4:7 p.m.•2 views

CVE-2026-35348

The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces UTF-8 encoding and utilizes expect, causing an immediate crash when encountering valid but non-UTF-8 paths. This diverg...

5.5CVSS5.3AI score0.00134EPSS

Cvelist•added 2026/04/22 4:7 p.m.•28 views

CVE-2026-35347 uutils coreutils comm Silent Data Loss or Denial of Service via Improper Input Validation

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...

4.4CVSS0.00134EPSS

ATTACKERKB•added 2026/04/22 4:7 p.m.•3 views

CVE-2026-35347

4.4CVSS5.7AI score0.00134EPSS

Exploits0References3

Debian CVE•added 2026/04/22 4:7 p.m.•3 views

CVE-2026-35347

4.4CVSS5.3AI score0.00134EPSS

Debian CVE•added 2026/04/22 4:7 p.m.•2 views

CVE-2026-35346

The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::fromutf8lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...

3.3CVSS5.3AI score0.00175EPSS

Debian CVE•added 2026/04/22 4:7 p.m.•5 views

CVE-2026-35345

A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, the uutils implementation continues to monitor a path after it has been replaced by a symbolic link, subsequently outputting the...

5.3CVSS5.3AI score0.00096EPSS

ATTACKERKB•added 2026/04/22 4:7 p.m.•1 views

CVE-2026-35344

The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directorie...

3.3CVSS5.8AI score0.00115EPSS

Debian CVE•added 2026/04/22 4:7 p.m.•3 views

CVE-2026-35344

3.3CVSS5.5AI score0.00115EPSS

CVE•added 2026/04/22 4:7 p.m.•6 views

CVE-2026-35344

The CVE describes a flaw in the dd utility from uutils coreutils: when truncating files, it unconditionally calls Result::ok(), suppressing errors. This behavior mirrors GNU for special files like /dev/null but also hides failures on regular files or directories caused by full disks or read-only ...

3.3CVSS5.8AI score0.00115EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/04/22 4:7 p.m.•2 views

CVE-2026-35343 uutils coreutils cut Inconsistent Output Suppression with Newline Delimiters

The cut utility in uutils coreutils incorrectly handles the -s only-delimited option when a newline character is specified as the delimiter. The implementation fails to verify the onlydelimited flag in the cutfieldsnewlinechardelim function, causing the utility to print non-delimited lines that...

3.3CVSS5.8AI score0.00135EPSS

Debian CVE•added 2026/04/22 4:7 p.m.•4 views

CVE-2026-35343

3.3CVSS5.3AI score0.00135EPSS

Vulnrichment•added 2026/04/22 4:7 p.m.•1 views

CVE-2026-35341 uutils coreutils mkfifo Unauthorized Permission Change on Existing Files

A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target path, it fails to terminate the operation for that path and continues to execute a follow-up...

7.1CVSS5.9AI score0.00165EPSS

Exploits1References1

Debian CVE•added 2026/04/22 4:7 p.m.•3 views

CVE-2026-35339

The recursive mode -R of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined solely by the success or failure of the last file processed. This allows the command to return an exit code of 0 success even if error...

5.5CVSS5.5AI score0.00142EPSS