Argument Parsing Flaw in uutils coreutils Kill Utility
CVE-2026-35369

5.5MEDIUM

Key Information:

Vendor: Uutils
Status: Coreutils
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-35369?

An issue in the kill utility of uutils coreutils arises from a failure to properly interpret the argument '-1'. When the command 'kill -1' is invoked, it mistakenly attempts to send the default termination signal (SIGTERM) to process ID -1. This erroneous interpretation causes the kernel to terminate all visible processes for the caller, which can lead to significant system instability or an unexpected system crash. This behavior contrasts with GNU coreutils, which accurately recognizes -1 as an invalid signal number and instead would indicate that a PID argument is missing.

Affected Version(s)

coreutils Linux 0 < 0.6.0

References

https://github.com/uutils/coreutils/pull/9700

issue-trackingpatch

https://github.com/uutils/coreutils/releases/tag/0.6.0

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Apr 2, 2026

Credit

Zellic

CVE-2026-35369 Data

JSON

Uutils

What is CVE-2026-35369?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit