Data Manipulation Issue in uutils coreutils by uutils
CVE-2026-35343

3.3LOW

Key Information:

Vendor: Uutils
Status: Coreutils
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-35343?

The cut utility within uutils coreutils has a data manipulation issue where the -s (only-delimited) option does not function correctly when a newline character is used as the delimiter. This oversight arises from a failure to validate the only_delimited flag in the cut_fields_newline_char_delim function, allowing the utility to output non-delimited lines that are meant to be suppressed. As a result, scripts that depend on precise output may receive unintended data, potentially causing further complications in data processing and integrity.

Affected Version(s)

coreutils Linux 0 < 0.8.0

References

https://github.com/uutils/coreutils/pull/11143

patchissue-tracking

https://github.com/uutils/coreutils/releases/tag/0.7.0

vendor-advisory

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Apr 2, 2026

Credit

Zellic

CVE-2026-35343 Data

JSON

Uutils

What is CVE-2026-35343?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit