22 matches found
CVE-2026-35338
A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbol...
CVE-2026-35349
A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to identify the root directory. An attacker or accidental user can bypass this safeguard by using a...
EUVD-2026-24981
A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to identify the root directory. An attacker or accidental user can bypass this safeguard by using a...
GHSA-V762-X3CF-5MFG uutils coreutils has a Link Following Issue Via rm Utility
A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to identify the root directory. An attacker or accidental user can bypass this safeguard by using a...
uutils coreutils has a Link Following Issue Via rm Utility
A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to identify the root directory. An attacker or accidental user can bypass this safeguard by using a...
EUVD-2026-24963
A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbol...
GHSA-9GQX-53GP-C8G3 uutils coreutils allows users to bypass the --preserve-root safety mechanism
A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbol...
uutils coreutils allows users to bypass the --preserve-root safety mechanism
A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbol...
CVE-2026-35349
A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to identify the root directory. An attacker or accidental user can bypass this safeguard by using a...
CVE-2026-35338
A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbol...
CVE-2026-35349
A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to identify the root directory. An attacker or accidental user can bypass this safeguard by using a...
CVE-2026-35349
CVE-2026-35349 affects the rm utility in uutils coreutils . The root cause is a path-string check used to identify the root directory instead of comparing device/inode numbers, allowing a symbolic link that resolves to "/" (e.g., "/tmp/rootlink -> /") to bypass --preserve-root. This can lead t...
CVE-2026-35338 uutils coreutils chmod Path Traversal Bypass of --preserve-root
A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbol...
CVE-2026-35338
Summary: CVE-2026-35338 affects the chmod utility in the uutils coreutils package. The vulnerability arises because the implementation only checks if the target path is exactly “/” and does not canonicalize the path, allowing path variants like “/../” or symbolic links to bypass --preserve-root. ...
CVE-2026-35338 uutils coreutils chmod Path Traversal Bypass of --preserve-root
A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbol...
CVE-2026-35338
A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbol...
PT-2026-34474
A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbol...
uutils coreutils 路径遍历漏洞
uutils coreutils is a cross-platform core command-line toolset developed by Uutils. uutils coreutils has a path traversal vulnerability. This vulnerability stems from the chmod utility, which allows users to bypass the --preserve-root security mechanism. As a result, it only verifies whether the...
uutils coreutils 后置链接漏洞
uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. uutils coreutils has a post-installation link vulnerability. This vulnerability stems from the rm utility allowing bypass of the --preserve-root protection. Instead of using device and inode numbers fo...
PT-2026-34485
A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to identify the root directory. An attacker or accidental user can bypass this safeguard by using a...