{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35339", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "state": "PUBLISHED", "assignerShortName": "canonical", "dateReserved": "2026-04-02T12:58:56.086Z", "datePublished": "2026-04-22T16:07:33.703Z", "dateUpdated": "2026-04-22T18:13:40.854Z"}, "containers": {"cna": {"title": "uutils coreutils chmod False Success Exit Code in Recursive Mode", "affected": [{"vendor": "Uutils", "product": "coreutils", "platforms": ["Linux", "Unix", "macOS"], "collectionURL": "https://github.com/uutils", "packageName": "coreutils", "repo": "https://github.com/uutils/coreutils", "versions": [{"status": "affected", "lessThan": "0.6.0", "version": "0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-253", "description": "CWE-253: Incorrect Check of Function Return Value", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-184", "descriptions": [{"lang": "en", "value": "CAPEC-184: Software Integrity Attack"}]}], "descriptions": [{"lang": "en", "value": "The recursive mode (-R) of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined solely by the success or failure of the last file processed. This allows the command to return an exit code of 0 (success) even if errors were encountered on previous files, such as 'Operation not permitted'. Scripts relying on these exit codes may proceed under a false sense of success while sensitive files remain with restrictive or incorrect permissions."}], "references": [{"url": "https://github.com/uutils/coreutils/pull/9793", "tags": ["patch", "issue-tracking"]}, {"url": "https://github.com/uutils/coreutils/releases/tag/0.6.0", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}}], "credits": [{"lang": "en", "value": "Zellic", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2026-04-22T16:07:33.703Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-22T18:13:28.800322Z", "id": "CVE-2026-35339", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T18:13:40.854Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35339", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-22T18:13:28.800322Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T18:13:33.839Z"}}], "cna": {"title": "uutils coreutils chmod False Success Exit Code in Recursive Mode", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Zellic"}], "impacts": [{"capecId": "CAPEC-184", "descriptions": [{"lang": "en", "value": "CAPEC-184: Software Integrity Attack"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/uutils/coreutils", "vendor": "Uutils", "product": "coreutils", "versions": [{"status": "affected", "version": "0", "lessThan": "0.6.0", "versionType": "semver"}], "platforms": ["Linux", "Unix", "macOS"], "packageName": "coreutils", "collectionURL": "https://github.com/uutils", "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/uutils/coreutils/pull/9793", "tags": ["patch", "issue-tracking"]}, {"url": "https://github.com/uutils/coreutils/releases/tag/0.6.0", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "The recursive mode (-R) of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined solely by the success or failure of the last file processed. This allows the command to return an exit code of 0 (success) even if errors were encountered on previous files, such as 'Operation not permitted'. Scripts relying on these exit codes may proceed under a false sense of success while sensitive files remain with restrictive or incorrect permissions."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-253", "description": "CWE-253: Incorrect Check of Function Return Value"}]}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2026-04-22T16:07:33.703Z"}}}, "cveMetadata": {"cveId": "CVE-2026-35339", "state": "PUBLISHED", "dateUpdated": "2026-04-22T18:13:40.854Z", "dateReserved": "2026-04-02T12:58:56.086Z", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "datePublished": "2026-04-22T16:07:33.703Z", "assignerShortName": "canonical"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:uutils:coreutils:*:*:*:*:*:rust:*:*", "matchCriteriaId": "87C33018-2E08-45B0-B69C-7FC224F7F883", "versionEndExcluding": "0.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The recursive mode (-R) of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined solely by the success or failure of the last file processed. This allows the command to return an exit code of 0 (success) even if errors were encountered on previous files, such as 'Operation not permitted'. Scripts relying on these exit codes may proceed under a false sense of success while sensitive files remain with restrictive or incorrect permissions."}], "id": "CVE-2026-35339", "lastModified": "2026-05-04T20:14:43.883", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security@ubuntu.com", "type": "Secondary"}]}, "published": "2026-04-22T17:16:35.767", "references": [{"source": "security@ubuntu.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/uutils/coreutils/pull/9793"}, {"source": "security@ubuntu.com", "tags": ["Release Notes"], "url": "https://github.com/uutils/coreutils/releases/tag/0.6.0"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-253"}], "source": "security@ubuntu.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["linux", "unix", "macos"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,0.6.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "coreutils", "source": "cna", "vendor": "Uutils"}, "product": "coreutils", "vendor": "uutils"}], "analysis": {"en": {"generated_at": "2026-04-22T18:18:20.786854+00:00", "value": {"mitigation_remediation": ["Upgrade uutils coreutils to version 0.6.0 or later where the exit\u2011code handling is corrected.", "Modify scripts that use recursive chmod to perform additional checks, such as inspecting logged errors or verifying file permissions after execution.", "Implement a periodic audit of file permissions, especially for directories that are frequently modified through chmod -R, to detect any unintended restrictions.", "Consider restricting the use of recursive chmod to trusted users or applying stricter permission controls on critical files to reduce the impact of any accidental misconfiguration."], "summary": {"action": "Immediate Patch", "impact": "Inaccurate exit codes can mask permission errors when chmod is run in recursive mode."}, "threat_synthesis": {"affected_systems": "The vulnerability affects uutils coreutils, specifically versions before the 0.6.0 release that contains the fix. Any environment that uses uutils coreutils to set file permissions recursively is potentially impacted.", "description_and_impact": "The recursive mode of chmod in uutils coreutils incorrectly sets the command\u2019s exit status based solely on the last file processed. If any preceding file triggers an error such as \"Operation not permitted\", the utility still returns 0, signaling success. Scripts that rely on that status flag may continue with flawed permissions on sensitive files, allowing misconfigured security settings. This flaw is an example of CWE\u2011253, Wrong Value Used for Comparison.", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity. No EPSS score is reported, and the vulnerability is not yet listed in CISA\u2019s KEV catalog. Exploitation requires local access to the target system to invoke chmod in recursive mode. An attacker could run chmod -R on a directory, cause scripts to proceed under a false sense of success, and thereby leave sensitive files with incorrect or overly restrictive permissions. The primary risk is permission misconfiguration that could enable privilege escalation or accidental data exposure."}}}}, "created": "2026-04-22T18:30:23.752062+00:00", "updated": "2026-04-27T19:54:49.645243+00:00", "vendors": ["uutils", "uutils$PRODUCT$coreutils"]}