5.5

CVE-2026-35339

EPSS 0.14%
Veröffentlicht 22.04.2026 16:07:33
Zuletzt bearbeitet 04.05.2026 20:14:43
Quelle security@ubuntu.com
CVE-Watchlists
Login
Unerledigt
Login

uutils coreutils chmod False Success Exit Code in Recursive Mode

The recursive mode (-R) of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined solely by the success or failure of the last file processed. This allows the command to return an exit code of 0 (success) even if errors were encountered on previous files, such as 'Operation not permitted'. Scripts relying on these exit codes may proceed under a false sense of success while sensitive files remain with restrictive or incorrect permissions.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Uutils ≫ Coreutils SwPlatformrust Version < 0.6.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.038

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@ubuntu.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE-253 Incorrect Check of Function Return Value

The product incorrectly checks a return value from a function, which prevents it from detecting errors or exceptional conditions.

https://github.com/uutils/coreutils/releases/tag/0.6.0

Release Notes

https://github.com/uutils/coreutils/pull/9793

Patch

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2026-35339

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-35339

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-35339

EUVD