CVE-2026-35340 (GCVE-0-2026-35340)

Vulnerability from cvelistv5 – Published: 2026-04-22 16:07 – Updated: 2026-04-22 18:14
VLAI?
Title
uutils coreutils chown and chgrp False Success Exit Code in Recursive Mode
Summary
A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownership or group changes failed due to permission errors. This can lead to security misconfigurations where administrative scripts incorrectly assume that ownership has been successfully transferred across a directory tree.
Severity ?
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CWE
  • CWE-253 - Incorrect Check of Function Return Value
Assigner
References
Impacted products
Vendor Product Version
Uutils coreutils Affected: 0 , < 0.6.0 (semver)
Create a notification for this product.
Credits
Zellic
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-35340",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T18:14:17.886908Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T18:14:26.690Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/uutils",
          "defaultStatus": "unaffected",
          "packageName": "coreutils",
          "platforms": [
            "Linux",
            "Unix",
            "macOS"
          ],
          "product": "coreutils",
          "repo": "https://github.com/uutils/coreutils",
          "vendor": "Uutils",
          "versions": [
            {
              "lessThan": "0.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Zellic"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownership or group changes failed due to permission errors. This can lead to security misconfigurations where administrative scripts incorrectly assume that ownership has been successfully transferred across a directory tree."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-184",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-184: Software Integrity Attack"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-253",
              "description": "CWE-253: Incorrect Check of Function Return Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-22T16:07:36.708Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "patch",
            "issue-tracking"
          ],
          "url": "https://github.com/uutils/coreutils/pull/10035"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/uutils/coreutils/releases/tag/0.6.0"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "uutils coreutils chown and chgrp False Success Exit Code in Recursive Mode"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2026-35340",
    "datePublished": "2026-04-22T16:07:36.708Z",
    "dateReserved": "2026-04-02T12:58:56.086Z",
    "dateUpdated": "2026-04-22T18:14:26.690Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-35340",
      "date": "2026-04-23",
      "epss": "0.00012",
      "percentile": "0.01915"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-35340\",\"sourceIdentifier\":\"security@ubuntu.com\",\"published\":\"2026-04-22T17:16:35.923\",\"lastModified\":\"2026-04-22T21:23:52.620\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownership or group changes failed due to permission errors. This can lead to security misconfigurations where administrative scripts incorrectly assume that ownership has been successfully transferred across a directory tree.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@ubuntu.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@ubuntu.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-253\"}]}],\"references\":[{\"url\":\"https://github.com/uutils/coreutils/pull/10035\",\"source\":\"security@ubuntu.com\"},{\"url\":\"https://github.com/uutils/coreutils/releases/tag/0.6.0\",\"source\":\"security@ubuntu.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"uutils coreutils chown and chgrp False Success Exit Code in Recursive Mode\", \"affected\": [{\"vendor\": \"Uutils\", \"product\": \"coreutils\", \"platforms\": [\"Linux\", \"Unix\", \"macOS\"], \"collectionURL\": \"https://github.com/uutils\", \"packageName\": \"coreutils\", \"repo\": \"https://github.com/uutils/coreutils\", \"versions\": [{\"status\": \"affected\", \"lessThan\": \"0.6.0\", \"version\": \"0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"cweId\": \"CWE-253\", \"description\": \"CWE-253: Incorrect Check of Function Return Value\", \"type\": \"CWE\"}]}], \"impacts\": [{\"capecId\": \"CAPEC-184\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-184: Software Integrity Attack\"}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownership or group changes failed due to permission errors. This can lead to security misconfigurations where administrative scripts incorrectly assume that ownership has been successfully transferred across a directory tree.\"}], \"references\": [{\"url\": \"https://github.com/uutils/coreutils/pull/10035\", \"tags\": [\"patch\", \"issue-tracking\"]}, {\"url\": \"https://github.com/uutils/coreutils/releases/tag/0.6.0\", \"tags\": [\"vendor-advisory\"]}], \"metrics\": [{\"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}], \"cvssV3_1\": {\"version\": \"3.1\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"baseSeverity\": \"MEDIUM\", \"baseScore\": 5.5, \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\"}}], \"credits\": [{\"lang\": \"en\", \"value\": \"Zellic\", \"type\": \"finder\"}], \"source\": {\"discovery\": \"EXTERNAL\"}, \"providerMetadata\": {\"orgId\": \"cc1ad9ee-3454-478d-9317-d3e869d708bc\", \"shortName\": \"canonical\", \"dateUpdated\": \"2026-04-22T16:07:36.708Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-35340\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-22T18:14:17.886908Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-22T18:14:22.272Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-35340\", \"assignerOrgId\": \"cc1ad9ee-3454-478d-9317-d3e869d708bc\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"canonical\", \"dateReserved\": \"2026-04-02T12:58:56.086Z\", \"datePublished\": \"2026-04-22T16:07:36.708Z\", \"dateUpdated\": \"2026-04-22T18:14:26.690Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.