CVE-2026-35351— uutils coreutils mv Silent Ownership Loss in Cross-Device Operations
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-35351
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
uutils coreutils mv Silent Ownership Loss in Cross-Device Operations
Source: NVD (National Vulnerability Database)
Vulnerability Description
The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and migrations, causing files moved by a privileged user (e.g., root) to become root-owned unexpectedly, which can lead to information disclosure or restricted access for the intended owners.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
权限预留不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
uutils coreutils 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
uutils coreutils是Uutils开源的一个跨平台核心命令行工具集。 uutils coreutils存在安全漏洞,该漏洞源于mv实用程序在不同文件系统边界移动时未能保留文件所有权,实用程序回退到复制和删除例程,使用调用者的UID/GID而非源的元数据创建目标文件,此缺陷破坏备份和迁移,导致特权用户移动的文件意外变为root所有,可能造成信息泄露或限制预期所有者的访问。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-35351
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-35351
请登录查看更多情报信息。
Same Patch Batch · Uutils · 2026-04-22 · 44 CVEs total
| CVE-2026-35338 | 7.3 HIGH | uutils coreutils chmod Path Traversal Bypass of --preserve-root |
| CVE-2026-35368 | 7.2 HIGH | uutils coreutils chroot Local Privilege Escalation and chroot Escape in via Name Service S |
| CVE-2026-35341 | 7.1 HIGH | uutils coreutils mkfifo Unauthorized Permission Change on Existing Files |
| CVE-2026-35352 | 7.0 HIGH | uutils coreutils mkfifo Privilege Escalation via TOCTOU Race Condition |
| CVE-2026-35349 | 6.7 MEDIUM | uutils coreutils Path-Based Safety Bypass with --preserve-root |
| CVE-2026-35350 | 6.6 MEDIUM | uutils coreutils cp Unexpected Privileged Executable Creation with -p |
| CVE-2026-35365 | 6.6 MEDIUM | uutils coreutils mv Denial of Service and Data Duplication via Improper Symlink Expansion |
| CVE-2026-35360 | 6.3 MEDIUM | uutils coreutils touch Arbitrary File Truncation via TOCTOU Race Condition |
| CVE-2026-35355 | 6.3 MEDIUM | uutils coreutils install Arbitrary File Overwrite via Symlink TOCTOU Race |
| CVE-2026-35356 | 6.3 MEDIUM | uutils coreutils install Arbitrary File Overwrite with -D via Path Component Symlink Race |
| CVE-2026-35364 | 6.3 MEDIUM | uutils coreutils mv Arbitrary File Overwrite via Cross-Device TOCTOU Race Condition |
| CVE-2026-35374 | 6.3 MEDIUM | uutils coreutils split Arbitrary File Truncation via Time-of-Check to Time-of-Use (TOCTOU) |
| CVE-2026-35363 | 5.6 MEDIUM | uutils coreutils rm Safeguard Bypass via Improper Path Normalization |
| CVE-2026-35340 | 5.5 MEDIUM | uutils coreutils chown and chgrp False Success Exit Code in Recursive Mode |
| CVE-2026-35339 | 5.5 MEDIUM | uutils coreutils chmod False Success Exit Code in Recursive Mode |
| CVE-2026-35348 | 5.5 MEDIUM | uutils coreutils sort Local Denial of Service via Forced UTF-8 Parsing |
| CVE-2026-35380 | 5.5 MEDIUM | uutils coreutils cut Local Logic Error and Data Integrity Issue in Delimiter Parsing |
| CVE-2026-35369 | 5.5 MEDIUM | uutils coreutils kill System-wide Process Termination and Denial of Service via Argument M |
| CVE-2026-35345 | 5.3 MEDIUM | uutils coreutils tail Privileged Information Disclosure via Symlink Replacement Race |
| CVE-2026-35372 | 5.0 MEDIUM | uutils coreutils ln Security Bypass via Improper Handling of the --no-dereference Flag |
Showing top 20 of 44 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: coreutils
- CVE-2026-35381
uutils coreutils cut Local Logic Error and Data Integrity Is - CVE-2026-35380
uutils coreutils cut Local Logic Error and Data Integrity Is - CVE-2026-35379
uutils coreutils tr Local Logic Error and Data Integrity Iss - CVE-2026-35378
uutils coreutils expr Local Denial of Service via Eager Eval - CVE-2026-35377
uutils coreutils env Local Denial of Service via Improper Ha
Same vendor: Uutils
- CVE-2026-35381
uutils coreutils cut Local Logic Error and Data Integrity Is - CVE-2026-35380
uutils coreutils cut Local Logic Error and Data Integrity Is - CVE-2026-35379
uutils coreutils tr Local Logic Error and Data Integrity Iss - CVE-2026-35378
uutils coreutils expr Local Denial of Service via Eager Eval - CVE-2026-35377
uutils coreutils env Local Denial of Service via Improper Ha
Same weakness: CWE-281
V. Comments for CVE-2026-35351
No comments yet