Improper Handling of Exit Codes in uutils coreutils Chmod Utility
CVE-2026-35339

5.5MEDIUM

Key Information:

Vendor: Uutils
Status: Coreutils
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-35339?

The chmod utility in uutils coreutils can mismanage exit codes during its recursive operation. Specifically, when applying permissions to multiple files, it only reports the success or failure of the last file. As a result, errors encountered on prior files can go undetected, leading to unintended file permission settings. This may permit scripts to believe that all operations were successful, potentially leaving sensitive files with incorrect permissions and thus posing a security risk.

Affected Version(s)

coreutils Linux 0 < 0.6.0

References

https://github.com/uutils/coreutils/pull/9793

patchissue-tracking

https://github.com/uutils/coreutils/releases/tag/0.6.0

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Apr 2, 2026

Credit

Zellic

CVE-2026-35339 Data

JSON

Uutils

What is CVE-2026-35339?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit