CVE-2026-35351
Last modified
CVE-2026-35351 is a medium-severity vulnerability rated 4.2/10 on the CVSS scale. The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. EPSS estimates a 0.13% chance of exploitation in the next 30 days.
Description
The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and migrations, causing files moved by a privileged user (e.g., root) to become root-owned unexpectedly, which can lead to information disclosure or restricted access for the intended owners.
Metrics
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Uutils | Coreutils | All versions |
References
- https://github.com/uutils/coreutils/issues/9714Exploit, Issue Tracking, Vendor Advisory
- https://github.com/uutils/coreutils/issues/9714Exploit, Issue Tracking, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-35351?
How severe is CVE-2026-35351?
How do I fix CVE-2026-35351?
Are you affected by CVE-2026-35351?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST