CVE-2026-35339
Last modified
CVE-2026-35339 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. The recursive mode (-R) of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined solely by the success or failure of the last file processed. EPSS estimates a 0.14% chance of exploitation in the next 30 days.
Description
The recursive mode (-R) of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined solely by the success or failure of the last file processed. This allows the command to return an exit code of 0 (success) even if errors were encountered on previous files, such as 'Operation not permitted'. Scripts relying on these exit codes may proceed under a false sense of success while sensitive files remain with restrictive or incorrect permissions.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Uutils | Coreutils | < 0.6.0 |
References
- https://github.com/uutils/coreutils/pull/9793Issue Tracking, Patch
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-35339?
How severe is CVE-2026-35339?
How do I fix CVE-2026-35339?
Are you affected by CVE-2026-35339?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST