Description

A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms (e.g., ln SOURCE... DIRECTORY). While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation enforces UTF-8 encoding, resulting in a failure to stat the file and a non-zero exit code. In environments where automated scripts or system tasks process valid but non-UTF-8 filenames common on Unix filesystems, this divergence causes the utility to fail, leading to a local denial of service for those specific operations.

INFO

Published Date :

2026-04-22T16:09:01.705Z

Last Modified :

2026-04-22T17:20:29.756Z

Source :

canonical
AFFECTED PRODUCTS

The following products are affected by CVE-2026-35373 vulnerability.

Vendors Products
Uutils
  • Coreutils
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-35373.

URL Resource
https://github.com/uutils/coreutils/pull/11403 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact