Arbitrary Code Execution Vulnerability in Chroot Utility of Uutils Coreutils
CVE-2026-35368

7.2HIGH

Key Information:

Vendor: Uutils
Status: Coreutils
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-35368?

A vulnerability in the chroot utility of Uutils Coreutils arises when using the --userspec option, allowing attackers to invoke getpwnam() after entering the chroot environment, but before root privileges are dropped. This can result in the loading of shared libraries from the new root directory on glibc-based systems, creating an opportunity for an attacker to inject a malicious Name Service Switch (NSS) module. If the NEWROOT directory is writable by the attacker, this could lead to arbitrary code execution as root, enabling full container escape or privilege escalation.

References

https://github.com/uutils/coreutils/issues/10327

issue-tracking

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Apr 2, 2026

Credit

Zellic

CVE-2026-35368 Data

JSON