ChownExecutor Flaw in uutils Coreutils Affects File Ownership Operations
CVE-2026-35340

5.5MEDIUM

Key Information:

Vendor: Uutils
Status: Coreutils
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-35340?

A defect in the ChownExecutor of uutils coreutils affects the tools chown and chgrp, which are responsible for changing file ownership. During recursive operations, the utilities generate an exit code based solely on the last file processed. This can create scenarios where previous ownership changes fail due to permission issues, yet users receive a misleading exit code of 0, suggesting success. As a result, this vulnerability can lead to erroneous assumptions in administrative scripts regarding the success of ownership transfers across directories, potentially exposing systems to misconfigurations.

Affected Version(s)

coreutils Linux 0 < 0.6.0

References

https://github.com/uutils/coreutils/pull/10035

patchissue-tracking

https://github.com/uutils/coreutils/releases/tag/0.6.0

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Apr 2, 2026

Credit

Zellic

CVE-2026-35340 Data

JSON

Uutils

What is CVE-2026-35340?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit