uutils coreutils CVE-2026-35371

| EUVD-2026-25019 LOW
User Interface (UI) Misrepresentation of Critical Information (CWE-451)
2026-04-22 canonical GHSA-53gr-wmf4-8hh3
Information Disclosure Coreutils
3.3
CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Apr 23, 2026 - 07:00 vuln.today

DescriptionNVD

The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the real UID and effective UID differ. The implementation incorrectly uses the effective GID instead of the effective UID when performing a name lookup for the effective user. This results in misleading diagnostic output that can cause automated scripts or system administrators to make incorrect decisions regarding file permissions or access control.

AnalysisAI

The id utility in uutils coreutils displays incorrect effective user information in its pretty-print output when real and effective UIDs differ, using the effective GID instead of effective UID for name lookup. This causes misleading diagnostic output that could lead system administrators or automated scripts to make incorrect access control decisions, though impact is limited to information disclosure with no direct code execution or system compromise.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-35371 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy