Description

The id utility in uutils coreutils miscalculates the groups= section of its output. The implementation uses a user's real GID instead of their effective GID to compute the group list, leading to potentially divergent output compared to GNU coreutils. Because many scripts and automated processes rely on the output of id to make security-critical access-control or permission decisions, this discrepancy can lead to unauthorized access or security misconfigurations.

INFO

Published Date :

2026-04-22T16:08:53.652Z

Last Modified :

2026-04-22T17:47:48.546Z

Source :

canonical
AFFECTED PRODUCTS

The following products are affected by CVE-2026-35370 vulnerability.

Vendors Products
Uutils
  • Coreutils
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-35370.

URL Resource
https://github.com/uutils/coreutils/issues/10006 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact