Data Corruption Vulnerability in uutils Coreutils by Vendor uutils
CVE-2026-35344

3.3LOW

Key Information:

Vendor: Uutils
Status: Coreutils
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-35344?

The dd utility in uutils coreutils inadvertently masks errors during file truncation by always returning a success result, even when errors occur due to constraints like full disks or read-only filesystems. While this behavior is designed to be consistent with GNU’s handling of special files such as /dev/null, it can lead to significant issues with regular files and directories. This flaw poses a risk in backup or migration scenarios, where operations may be reported as successful despite resulting in old or corrupt data being stored, potentially causing severe data integrity problems.

References

https://github.com/uutils/coreutils/issues/9745

issue-tracking

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Apr 2, 2026

Credit

Zellic

CVE-2026-35344 Data

JSON

Uutils

What is CVE-2026-35344?

References

CVSS V3.1

Timeline

Credit