Description

The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to resource exhaustion (disk space or time) if symlinks point to large external directories, unexpected duplication of sensitive data into unintended locations, or infinite recursion and repeated copying in the presence of symlink loops.

INFO

Published Date :

2026-04-22T16:08:41.136Z

Last Modified :

2026-04-22T17:59:34.571Z

Source :

canonical
AFFECTED PRODUCTS

The following products are affected by CVE-2026-35365 vulnerability.

Vendors Products
Uutils
  • Coreutils
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-35365.

URL Resource
https://github.com/uutils/coreutils/pull/10546 cve-icon cve-icon
https://github.com/uutils/coreutils/releases/tag/0.7.0 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact