4.7
CVE-2026-35354 - uutils coreutils mv Security Xattr TOCTOU Race in Cross-Device
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute (xattr) preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with wrβ¦
3.3
CVE-2026-35353 - uutils coreutils mkdir Permission Exposure Race Condition with -m
The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions (typically 0755) before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces β¦
7
CVE-2026-35352 - uutils coreutils mkfifo Privilege Escalation via TOCTOU Race Condition
A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mkfifo utility of uutils coreutils. The utility creates a FIFO and then performs a path-based chmod to set permissions. A local attacker with write access to the parent directory can swap the newly created FIFO for a symbolic linkβ¦
4.2
CVE-2026-35351 - uutils coreutils mv Silent Ownership Loss in Cross-Device Operations
The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and mβ¦
6.6
CVE-2026-35350 - uutils coreutils cp Unexpected Privileged Executable Creation with -p
The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p (preserve) flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining originβ¦
6.7
CVE-2026-35349 - uutils coreutils Path-Based Safety Bypass with --preserve-root
A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to identify the root directory. An attacker or accidental user can bypass this safeguard by using a symβ¦
5.5
CVE-2026-35348 - uutils coreutils sort Local Denial of Service via Forced UTF-8 Parsing
The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces UTF-8 encoding and utilizes expect(), causing an immediate crash when encountering valid but non-UTF-8 paths. This divergβ¦
4.4
CVE-2026-35347 - uutils coreutils comm Silent Data Loss or Denial of Service via Improper Input Validation
The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The are_files_identical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input patβ¦
3.3
CVE-2026-35346 - uutils coreutils comm Silent Data Corruption via Lossy UTF-8 Normalization
The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy(), which replaces invalid UTF-8 byte sequences with the Unicode replacement character (U+FFFD). This behavior differs from GNU comm, β¦
5.3
CVE-2026-35345 - uutils coreutils tail Privileged Information Disclosure via Symlink Replacement Race
A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, the uutils implementation continues to monitor a path after it has been replaced by a symbolic link, subsequently outputting the conteβ¦