Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

coreutils — Vulnerabilities & Security Advisories 44

All 44 CVE vulnerabilities found in coreutils, with AI-generated Chinese analysis, references, and POCs.

This page aggregates common weakness types associated with the coreutils product from the GNU project vendor. It serves as a centralized resource for tracking security issues identified in this essential command-line utility suite, providing a structured overview of known vulnerabilities without delving into marketing narratives or welcoming boilerplate. The content collected herein encompasses various vulnerability categories, including buffer overflows, race conditions, input validation errors, and privilege escalation flaws, covering reported incidents from early 2000 to the present day. By consolidating data from multiple tracking sources, this aggregation ensures a comprehensive historical record of security defects affecting coreutils across different releases and distributions. Readers can utilize this page to track vendor advisories issued by GNU and other distributors, allowing them to stay informed about patch availability and remediation steps. Additionally, users can gain a deeper understanding of specific weakness classes by observing how they manifest within the coreutils codebase, such as improper handling of symbolic links or insecure temporary file creation. The page also facilitates looking up a product's vulnerability history, enabling security professionals to analyze trends and assess the long-term security posture of this widely used system utility. This approach supports informed decision-making for system administrators and developers who need to maintain secure environments. The information presented is intended strictly for technical reference and risk assessment purposes, offering a clear, factual perspective on the security landscape of coreutils. Users are encouraged to verify all details against official vendor sources for the most accurate and up-to-date guidance.

Vendor: Uutils

CVE IDTitleCVSSSeverityPublished
CVE-2026-35381 uutils coreutils cut Local Logic Error and Data Integrity Issue in Output Filtering CWE-684 3.3 Low2026-04-22
CVE-2026-35380 uutils coreutils cut Local Logic Error and Data Integrity Issue in Delimiter Parsing CWE-20 5.5 Medium2026-04-22
CVE-2026-35379 uutils coreutils tr Local Logic Error and Data Integrity Issue in Character Class Handling CWE-684 3.3 Low2026-04-22
CVE-2026-35378 uutils coreutils expr Local Denial of Service via Eager Evaluation of Parenthesized Subexpressions CWE-768 3.3 Low2026-04-22
CVE-2026-35377 uutils coreutils env Local Denial of Service via Improper Handling of Backslashes in Split-String Mode CWE-20 3.3 Low2026-04-22
CVE-2026-35376 uutils coreutils chcon Security Bypass and Mandatory Access Control (MAC) Inconsistency via TOCTOU Race Condition CWE-367 4.5 Medium2026-04-22
CVE-2026-35375 uutils coreutils split Local Data Integrity Issue via Lossy Filename Encoding CWE-176 3.3 Low2026-04-22
CVE-2026-35374 uutils coreutils split Arbitrary File Truncation via Time-of-Check to Time-of-Use (TOCTOU) Race Condition CWE-367 6.3 Medium2026-04-22
CVE-2026-35373 uutils coreutils ln Local Denial of Service via Improper Handling of Non-UTF-8 Filenames CWE-176 3.3 Low2026-04-22
CVE-2026-35372 uutils coreutils ln Security Bypass via Improper Handling of the --no-dereference Flag CWE-61 5.0 Medium2026-04-22
CVE-2026-35371 uutils coreutils id Misleading Identity Reporting in Pretty Print Mode CWE-451 3.3 Low2026-04-22
CVE-2026-35370 uutils coreutils id Incorrect Access-Control Decisions via Misrepresented Group Membership CWE-863 4.4 Medium2026-04-22
CVE-2026-35369 uutils coreutils kill System-wide Process Termination and Denial of Service via Argument Misinterpretation CWE-20 5.5 Medium2026-04-22
CVE-2026-35368 uutils coreutils chroot Local Privilege Escalation and chroot Escape in via Name Service Switch (NSS) Injection CWE-426 7.2 High2026-04-22
CVE-2026-35367 uutils coreutils nohup Information Disclosure via Insecure Default Output Permissions CWE-732 3.3 Low2026-04-22
CVE-2026-35366 uutils coreutils printenv Security Inspection Bypass via UTF-8 Enforcement CWE-754 4.4 Medium2026-04-22
CVE-2026-35365 uutils coreutils mv Denial of Service and Data Duplication via Improper Symlink Expansion CWE-59 6.6 Medium2026-04-22
CVE-2026-35364 uutils coreutils mv Arbitrary File Overwrite via Cross-Device TOCTOU Race Condition CWE-367 6.3 Medium2026-04-22
CVE-2026-35363 uutils coreutils rm Safeguard Bypass via Improper Path Normalization CWE-22 5.6 Medium2026-04-22
CVE-2026-35362 uutils coreutils Missing TOCTOU Protection on Non-Linux Unix Platforms in Safe Traversal Module CWE-367 3.6 Low2026-04-22
CVE-2026-35361 uutils coreutils mknod Security Label Inconsistency and Broken Cleanup on SELinux Systems CWE-281 3.4 Low2026-04-22
CVE-2026-35360 uutils coreutils touch Arbitrary File Truncation via TOCTOU Race Condition CWE-367 6.3 Medium2026-04-22
CVE-2026-35359 uutils coreutils cp Information Disclosure via Time-of-Check to Time-of-Use Symlink Swap CWE-367 4.7 Medium2026-04-22
CVE-2026-35358 uutils coreutils cp Semantic Loss and Potential Denial of Service with -R via Device Node Stream Reading CWE-706 4.4 Medium2026-04-22
CVE-2026-35357 uutils coreutils cp Information Disclosure via Permission Handling Race CWE-367 4.7 Medium2026-04-22
CVE-2026-35356 uutils coreutils install Arbitrary File Overwrite with -D via Path Component Symlink Race CWE-367 6.3 Medium2026-04-22
CVE-2026-35355 uutils coreutils install Arbitrary File Overwrite via Symlink TOCTOU Race CWE-367 6.3 Medium2026-04-22
CVE-2026-35354 uutils coreutils mv Security Xattr TOCTOU Race in Cross-Device CWE-367 4.7 Medium2026-04-22
CVE-2026-35353 uutils coreutils mkdir Permission Exposure Race Condition with -m CWE-367 3.3 Low2026-04-22
CVE-2026-35352 uutils coreutils mkfifo Privilege Escalation via TOCTOU Race Condition CWE-367 7.0 High2026-04-22

All 44 known CVE vulnerabilities affecting coreutils with full Chinese analysis, references, and POCs where available.