CVE-2026-35371 — LOW (3.3) — White Hats Nepal

Vulnerability Description

The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the real UID and effective UID differ. The implementation incorrectly uses the effective GID instead of the effective UID when performing a name lookup for the effective user. This results in misleading diagnostic output that can cause automated scripts or system administrators to make incorrect decisions regarding file permissions or access control.

CVSS Score

3.3

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Uutils	Coreutils	-

Related Weaknesses (CWE)

CWE-451

References

https://github.com/uutils/coreutils/issues/10006ExploitIssue Tracking
https://github.com/uutils/coreutils/issues/10006ExploitIssue Tracking

FAQ

What is CVE-2026-35371?

CVE-2026-35371 is a vulnerability with a CVSS score of 3.3 (LOW). The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the real UID and effective UID differ. The implementation incorrectly uses the effective GID instead of...

How severe is CVE-2026-35371?

CVE-2026-35371 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-35371?

Check the references section above for vendor advisories and patch information. Affected products include: Uutils Coreutils.