What is the CVSS score of CVE-2026-35368?

CVE-2026-35368 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of uutils coreutils are affected by CVE-2026-35368?

CVE-2026-35368 is a privilege escalation flaw in uutils coreutils chroot utility that allows low-privileged attackers with write access to inject malicious code and achieve root-level execution,…

uutils coreutils CVE-2026-35368

EUVD-2026-25016 HIGH

Untrusted Search Path (CWE-426)

2026-04-22 canonical

GHSA-mh5c-xrmh-m794

Privilege Escalation RCE

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 24, 2026 - 19:22 vuln.today

cvss_changed

Analysis Generated

Apr 23, 2026 - 06:49 vuln.today

CVSS changed

Apr 22, 2026 - 17:22 NVD

7.2 (HIGH) 7.8 (HIGH)

EUVD ID Assigned

Apr 22, 2026 - 16:31 euvd

EUVD-2026-25016

Analysis Generated

Apr 22, 2026 - 16:31 vuln.today

CVE Published

Apr 22, 2026 - 16:08 nvd

HIGH 7.8

DescriptionNVD

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam() after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch (NSS) to load shared libraries (e.g., libnss_*.so.2) from the new root directory. If the NEWROOT is writable by an attacker, they can inject a malicious NSS module to execute arbitrary code as root, facilitating a full container escape or privilege escalation.

AnalysisAI

Privilege escalation to root in uutils coreutils chroot utility allows low-privileged local attackers with write access to the chroot target directory to execute arbitrary code via malicious NSS module injection. The vulnerability triggers when --userspec option causes getpwnam() to load attacker-controlled shared libraries from the new root before dropping privileges, enabling container escape or full system compromise on glibc-based systems. …

RemediationAI

Within 24 hours: identify all systems running uutils coreutils chroot utility using which chroot and rpm -qa | grep coreutils or dpkg -l | grep coreutils; audit write permissions on all chroot target directories using find / -type d -writable 2>/dev/null. Within 7 days: restrict write permissions on chroot target directories to trusted administrators only; disable chroot functionality where not operationally necessary; implement mandatory access controls (AppArmor/SELinux) to block NSS module loading from within chroot contexts. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-35368 vulnerability details – vuln.today

Back

uutils coreutils CVE-2026-35368

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code