CVE-2026-35365— uutils coreutils mv Denial of Service and Data Duplication via Improper Symlink Expansion
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-35365
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
uutils coreutils mv Denial of Service and Data Duplication via Improper Symlink Expansion
Source: NVD (National Vulnerability Database)
Vulnerability Description
The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to resource exhaustion (disk space or time) if symlinks point to large external directories, unexpected duplication of sensitive data into unintended locations, or infinite recursion and repeated copying in the presence of symlink loops.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
在文件访问前对链接解析不恰当(链接跟随)
Source: NVD (National Vulnerability Database)
Vulnerability Title
uutils coreutils 后置链接漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
uutils coreutils是Uutils开源的一个跨平台核心命令行工具集。 uutils coreutils存在后置链接漏洞,该漏洞源于mv跨文件系统边界移动时错误处理包含符号链接的目录树,可能导致资源耗尽、敏感数据意外复制或无限递归。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-35365
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-35365
请登录查看更多情报信息。
Same Patch Batch · Uutils · 2026-04-22 · 44 CVEs total
| CVE-2026-35338 | 7.3 HIGH | uutils coreutils chmod Path Traversal Bypass of --preserve-root |
| CVE-2026-35368 | 7.2 HIGH | uutils coreutils chroot Local Privilege Escalation and chroot Escape in via Name Service S |
| CVE-2026-35341 | 7.1 HIGH | uutils coreutils mkfifo Unauthorized Permission Change on Existing Files |
| CVE-2026-35352 | 7.0 HIGH | uutils coreutils mkfifo Privilege Escalation via TOCTOU Race Condition |
| CVE-2026-35349 | 6.7 MEDIUM | uutils coreutils Path-Based Safety Bypass with --preserve-root |
| CVE-2026-35350 | 6.6 MEDIUM | uutils coreutils cp Unexpected Privileged Executable Creation with -p |
| CVE-2026-35374 | 6.3 MEDIUM | uutils coreutils split Arbitrary File Truncation via Time-of-Check to Time-of-Use (TOCTOU) |
| CVE-2026-35355 | 6.3 MEDIUM | uutils coreutils install Arbitrary File Overwrite via Symlink TOCTOU Race |
| CVE-2026-35360 | 6.3 MEDIUM | uutils coreutils touch Arbitrary File Truncation via TOCTOU Race Condition |
| CVE-2026-35356 | 6.3 MEDIUM | uutils coreutils install Arbitrary File Overwrite with -D via Path Component Symlink Race |
| CVE-2026-35364 | 6.3 MEDIUM | uutils coreutils mv Arbitrary File Overwrite via Cross-Device TOCTOU Race Condition |
| CVE-2026-35363 | 5.6 MEDIUM | uutils coreutils rm Safeguard Bypass via Improper Path Normalization |
| CVE-2026-35380 | 5.5 MEDIUM | uutils coreutils cut Local Logic Error and Data Integrity Issue in Delimiter Parsing |
| CVE-2026-35348 | 5.5 MEDIUM | uutils coreutils sort Local Denial of Service via Forced UTF-8 Parsing |
| CVE-2026-35369 | 5.5 MEDIUM | uutils coreutils kill System-wide Process Termination and Denial of Service via Argument M |
| CVE-2026-35340 | 5.5 MEDIUM | uutils coreutils chown and chgrp False Success Exit Code in Recursive Mode |
| CVE-2026-35339 | 5.5 MEDIUM | uutils coreutils chmod False Success Exit Code in Recursive Mode |
| CVE-2026-35345 | 5.3 MEDIUM | uutils coreutils tail Privileged Information Disclosure via Symlink Replacement Race |
| CVE-2026-35372 | 5.0 MEDIUM | uutils coreutils ln Security Bypass via Improper Handling of the --no-dereference Flag |
| CVE-2026-35357 | 4.7 MEDIUM | uutils coreutils cp Information Disclosure via Permission Handling Race |
Showing top 20 of 44 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: coreutils
- CVE-2026-35381
uutils coreutils cut Local Logic Error and Data Integrity Is - CVE-2026-35380
uutils coreutils cut Local Logic Error and Data Integrity Is - CVE-2026-35379
uutils coreutils tr Local Logic Error and Data Integrity Iss - CVE-2026-35378
uutils coreutils expr Local Denial of Service via Eager Eval - CVE-2026-35377
uutils coreutils env Local Denial of Service via Improper Ha
Same vendor: Uutils
- CVE-2026-35381
uutils coreutils cut Local Logic Error and Data Integrity Is - CVE-2026-35380
uutils coreutils cut Local Logic Error and Data Integrity Is - CVE-2026-35379
uutils coreutils tr Local Logic Error and Data Integrity Iss - CVE-2026-35378
uutils coreutils expr Local Denial of Service via Eager Eval - CVE-2026-35377
uutils coreutils env Local Denial of Service via Improper Ha
Same weakness: CWE-59
- CVE-2021-47949
CyberPanel 2.1 Authenticated Remote Code Execution via Symli - CVE-2026-41882
JetBrains IntelliJ IDEA 后置链接漏洞 - CVE-2026-27105
Dell Alienware Purchased Apps 后置链接漏洞 - CVE-2026-5161
Improper Authentication in TUBITAK BILGEM's Pardus About - CVE-2026-41397
OpenClaw < 2026.3.31 - Sandbox Escape via Unrestricted File
V. Comments for CVE-2026-35365
No comments yet