CVE-2026-35371
Last modified
CVE-2026-35371 is a low-severity vulnerability rated 3.3/10 on the CVSS scale. The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the real UID and effective UID differ. The implementation incorrectly uses the effective GID instead of the effective UID when performing a name lookup for the effective user. EPSS estimates a 0.12% chance of exploitation in the next 30 days.
Description
The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the real UID and effective UID differ. The implementation incorrectly uses the effective GID instead of the effective UID when performing a name lookup for the effective user. This results in misleading diagnostic output that can cause automated scripts or system administrators to make incorrect decisions regarding file permissions or access control.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Uutils | Coreutils | All versions |
References
- https://github.com/uutils/coreutils/issues/10006Exploit, Issue Tracking
- https://github.com/uutils/coreutils/issues/10006Exploit, Issue Tracking
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-35371?
How severe is CVE-2026-35371?
How do I fix CVE-2026-35371?
Are you affected by CVE-2026-35371?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST