{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35369", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "state": "PUBLISHED", "assignerShortName": "canonical", "dateReserved": "2026-04-02T12:58:56.088Z", "datePublished": "2026-04-22T16:08:51.268Z", "dateUpdated": "2026-04-22T17:48:32.873Z"}, "containers": {"cna": {"title": "uutils coreutils kill System-wide Process Termination and Denial of Service via Argument Misinterpretation", "affected": [{"vendor": "Uutils", "product": "coreutils", "platforms": ["Linux", "Unix", "macOS"], "collectionURL": "https://github.com/uutils", "packageName": "coreutils", "repo": "https://github.com/uutils/coreutils", "versions": [{"status": "affected", "lessThan": "0.6.0", "version": "0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153: Input Data Manipulation"}]}], "descriptions": [{"lang": "en", "value": "An argument parsing error in the kill utility of uutils coreutils incorrectly interprets kill -1 as a request to send the default signal (SIGTERM) to PID -1. Sending a signal to PID -1 causes the kernel to terminate all processes visible to the caller, potentially leading to a system crash or massive process termination. This differs from GNU coreutils, which correctly recognizes -1 as a signal number in this context and would instead report a missing PID argument."}], "references": [{"url": "https://github.com/uutils/coreutils/pull/9700", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/uutils/coreutils/releases/tag/0.6.0", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}}], "credits": [{"lang": "en", "value": "Zellic", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2026-04-22T16:08:51.268Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-22T17:48:28.089001Z", "id": "CVE-2026-35369", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T17:48:32.873Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35369", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-22T17:48:28.089001Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T17:48:30.050Z"}}], "cna": {"title": "uutils coreutils kill System-wide Process Termination and Denial of Service via Argument Misinterpretation", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Zellic"}], "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153: Input Data Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/uutils/coreutils", "vendor": "Uutils", "product": "coreutils", "versions": [{"status": "affected", "version": "0", "lessThan": "0.6.0", "versionType": "semver"}], "platforms": ["Linux", "Unix", "macOS"], "packageName": "coreutils", "collectionURL": "https://github.com/uutils", "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/uutils/coreutils/pull/9700", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/uutils/coreutils/releases/tag/0.6.0", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "An argument parsing error in the kill utility of uutils coreutils incorrectly interprets kill -1 as a request to send the default signal (SIGTERM) to PID -1. Sending a signal to PID -1 causes the kernel to terminate all processes visible to the caller, potentially leading to a system crash or massive process termination. This differs from GNU coreutils, which correctly recognizes -1 as a signal number in this context and would instead report a missing PID argument."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2026-04-22T16:08:51.268Z"}}}, "cveMetadata": {"cveId": "CVE-2026-35369", "state": "PUBLISHED", "dateUpdated": "2026-04-22T17:48:32.873Z", "dateReserved": "2026-04-02T12:58:56.088Z", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "datePublished": "2026-04-22T16:08:51.268Z", "assignerShortName": "canonical"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:uutils:coreutils:*:*:*:*:*:rust:*:*", "matchCriteriaId": "87C33018-2E08-45B0-B69C-7FC224F7F883", "versionEndExcluding": "0.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An argument parsing error in the kill utility of uutils coreutils incorrectly interprets kill -1 as a request to send the default signal (SIGTERM) to PID -1. Sending a signal to PID -1 causes the kernel to terminate all processes visible to the caller, potentially leading to a system crash or massive process termination. This differs from GNU coreutils, which correctly recognizes -1 as a signal number in this context and would instead report a missing PID argument."}], "id": "CVE-2026-35369", "lastModified": "2026-05-04T18:50:23.537", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security@ubuntu.com", "type": "Secondary"}]}, "published": "2026-04-22T17:16:40.687", "references": [{"source": "security@ubuntu.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/uutils/coreutils/pull/9700"}, {"source": "security@ubuntu.com", "tags": ["Release Notes"], "url": "https://github.com/uutils/coreutils/releases/tag/0.6.0"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@ubuntu.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["linux", "unix", "macos"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,0.6.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "coreutils", "source": "cna", "vendor": "Uutils"}, "product": "coreutils", "vendor": "uutils"}], "analysis": {"en": {"generated_at": "2026-04-27T08:38:41.933400+00:00", "value": {"mitigation_remediation": ["Upgrade uutils coreutils to version 0.6.0 or later, which corrects the argument parsing of the kill command.", "Avoid using the kill command with the argument \"-1\"; if a system must use this syntax, employ explicit signal names to trigger the error handling in the implementation.", "Restrict execution permissions for the uutils kill binary or remove it from untrusted user environments, and consider using GNU coreutils on critical systems, which correctly handles the edge case."], "summary": {"action": "Apply Patch", "impact": "Massive Process Termination and Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the uutils coreutils package, specifically the kill command. No specific version range is listed in the CVE entry, but related information points to a pull request and the release tag 0.6.0, implying that releases prior to 0.6.0 are vulnerable. Administrators should verify which version of uutils coreutils is installed on their hosts.", "description_and_impact": "The kill utility in uutils coreutils contains an argument parsing flaw that interprets the string \"-1\" as a request to send the default signal, SIGTERM, to PID -1. Sending a signal to PID -1 causes all processes visible to the caller to receive the signal, which can abruptly terminate them and crash the system. This is a classic input validation error (CWE\u201120) that directly leads to a local denial of service.", "risk_and_exploitability": "With a CVSS score of 5.5, the flaw has moderate severity. EPSS information is missing, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is local: any user/process that can invoke \"kill -1\" with sufficient privileges can trigger the kernel to terminate all processes visible to the caller, resulting in a system crash or denial of service. Remote exploitation or code execution is not required for this vulnerability."}}}}, "created": "2026-04-27T18:42:00.095726+00:00", "updated": "2026-04-27T19:53:36.580012+00:00", "vendors": ["uutils", "uutils$PRODUCT$coreutils"]}