5.5

CVE-2026-35340

EPSS 0.14%
Veröffentlicht 22.04.2026 16:07:36
Zuletzt bearbeitet 04.05.2026 20:12:01
Quelle security@ubuntu.com
CVE-Watchlists
Login
Unerledigt
Login

uutils coreutils chown and chgrp False Success Exit Code in Recursive Mode

A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownership or group changes failed due to permission errors. This can lead to security misconfigurations where administrative scripts incorrectly assume that ownership has been successfully transferred across a directory tree.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Uutils ≫ Coreutils SwPlatformrust Version < 0.6.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.038

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@ubuntu.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE-253 Incorrect Check of Function Return Value

The product incorrectly checks a return value from a function, which prevents it from detecting errors or exceptional conditions.

https://github.com/uutils/coreutils/releases/tag/0.6.0

Release Notes

https://github.com/uutils/coreutils/pull/10035

Patch

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2026-35340

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-35340

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-35340

EUVD