CVE-2026-35370

Exploit

EPSS 0.11%
Veröffentlicht 22.04.2026 16:08:53
Zuletzt bearbeitet 04.05.2026 20:02:44
Quelle security@ubuntu.com
CVE-Watchlists
Login
Unerledigt
Login

uutils coreutils id Incorrect Access-Control Decisions via Misrepresented Group Membership

The id utility in uutils coreutils miscalculates the groups= section of its output. The implementation uses a user's real GID instead of their effective GID to compute the group list, leading to potentially divergent output compared to GNU coreutils. Because many scripts and automated processes rely on the output of id to make security-critical access-control or permission decisions, this discrepancy can lead to unauthorized access or security misconfigurations.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Uutils ≫ Coreutils Version- SwPlatformrust

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.014

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@ubuntu.com	4.4	1.8	2.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://github.com/uutils/coreutils/issues/10006

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2026-35370

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-35370

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-35370

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-35370