Exfiltration Vulnerability in uutils Coreutils Tail Utility
CVE-2026-35345

5.3MEDIUM

Key Information:

Vendor: Uutils
Status: Coreutils
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-35345?

A flaw in the tail utility of uutils coreutils permits attackers to exfiltrate sensitive file contents by exploiting the --follow=name option. Unlike its GNU counterpart, the uutils version continues to track the file path even after it is replaced with a symbolic link. This allows a local user with write permissions in a monitored directory to substitute a log file with a symlink to a sensitive file (e.g., /etc/shadow), resulting in the unintended disclosure of critical file contents. This vulnerability could expose sensitive information, impacting overall system security.

References

https://github.com/uutils/coreutils/issues/10328

issue-tracking

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Apr 2, 2026

Credit

Zellic

CVE-2026-35345 Data

JSON

Uutils

What is CVE-2026-35345?

References

CVSS V3.1

Timeline

Credit