Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file (0644). In multi-user environments, this allows any user on the system to read the captured stdout/stderr output of a command, potentially exposing sensitive information. This behavior diverges from GNU coreutils, which creates nohup.out with owner-only (0600) permissions.
AnalysisAI
The nohup utility in uutils coreutils creates its default output file with world-readable permissions (0644) instead of owner-only (0600), allowing any local user to read captured stdout/stderr and access potentially sensitive information in multi-user systems. This information disclosure vulnerability affects all versions of uutils coreutils and diverges from the secure permission model implemented in GNU coreutils.
Technical ContextAI
The nohup utility is a POSIX-standard command that allows processes to continue running after the user logs out by redirecting output to a file (typically nohup.out). uutils coreutils is a Rust-based reimplementation of GNU coreutils. The vulnerability stems from CWE-732 (Incorrect Permission Assignment for Critical Resource): when nohup.out is created, the code fails to explicitly set restrictive file permissions via chmod() or umask manipulation, causing the file to inherit default umask-based permissions. In typical Linux environments with default umask 0022, this results in 0644 permissions (rw-r--r--). In contrast, GNU coreutils explicitly creates nohup.out with 0600 permissions (rw-------), restricting read access to the file owner only. This is a permission-based information disclosure affecting any process output redirected to nohup.out on systems running uutils coreutils.
RemediationAI
Upgrade to a patched version of uutils coreutils that explicitly sets nohup.out file permissions to 0600 at creation time. The exact patched version should be obtained from the uutils coreutils project releases. As a temporary compensating control in multi-user environments, system administrators can: (1) Configure global umask to 0077 (restrictive default), which will cause nohup.out to inherit 0600 permissions automatically-note this affects all file creation on the system and may break applications expecting world-readable files; (2) Manually post-create each nohup.out file with chmod 0600 nohup.out immediately after process start; (3) Restrict nohup usage via sudo rules or filesystem-level access controls to trusted users only; (4) Educate users to avoid redirecting sensitive output to nohup.out or use alternative logging mechanisms with explicit permission controls. The preferred fix is upgrading to the patched uutils coreutils version. Consult https://nvd.nist.gov/vuln/detail/CVE-2026-35367 and the uutils coreutils GitHub repository for patch release information.
The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly ex
Privilege escalation to root in uutils coreutils chroot utility allows low-privileged local attackers with write access
Recursive chmod operations can bypass --preserve-root protection in uutils coreutils versions prior to 0.6.0, allowing l
Local privilege escalation in uutils coreutils mkfifo allows authenticated users to downgrade permissions on arbitrary f
Privilege escalation in uutils coreutils mkfifo utility allows local attackers with low privileges to manipulate file pe
Bypass of --preserve-root protection in uutils coreutils rm utility allows local users to recursively delete the root fi
The mv utility in uutils coreutils improperly expands symbolic links instead of preserving them during moves across file
The cp utility in uutils coreutils improperly preserves setuid and setgid bits when the chown operation fails during fil
The split utility in uutils coreutils contains a time-of-check to time-of-use (TOCTOU) race condition that allows local
A time-of-check to time-of-use (TOCTOU) race condition in the mv utility of uutils coreutils during cross-device move op
The touch utility in uutils coreutils suffers from a Time-of-Check to Time-of-Use (TOCTOU) race condition that allows lo
Privilege escalation via symlink attack in uutils coreutils install utility when using the -D flag allows local attacker
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25015
GHSA-5hgf-628x-mcqf