{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35371", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "state": "PUBLISHED", "assignerShortName": "canonical", "dateReserved": "2026-04-02T12:58:56.088Z", "datePublished": "2026-04-22T16:08:56.342Z", "dateUpdated": "2026-04-22T17:47:18.201Z"}, "containers": {"cna": {"title": "uutils coreutils id Misleading Identity Reporting in Pretty Print Mode", "affected": [{"vendor": "Uutils", "product": "coreutils", "platforms": ["Linux", "Unix", "macOS"], "collectionURL": "https://github.com/uutils", "packageName": "coreutils", "repo": "https://github.com/uutils/coreutils", "defaultStatus": "affected"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-451", "description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-690", "descriptions": [{"lang": "en", "value": "CAPEC-690: Metadata Spoofing"}]}], "descriptions": [{"lang": "en", "value": "The id utility in uutils coreutils exhibits incorrect behavior in its \"pretty print\" output when the real UID and effective UID differ. The implementation incorrectly uses the effective GID instead of the effective UID when performing a name lookup for the effective user. This results in misleading diagnostic output that can cause automated scripts or system administrators to make incorrect decisions regarding file permissions or access control."}], "references": [{"url": "https://github.com/uutils/coreutils/issues/10006", "tags": ["issue-tracking"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "credits": [{"lang": "en", "value": "Zellic", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2026-04-22T16:08:56.342Z"}}, "adp": [{"references": [{"url": "https://github.com/uutils/coreutils/issues/10006", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-22T17:47:14.715102Z", "id": "CVE-2026-35371", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T17:47:18.201Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35371", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-22T17:47:14.715102Z"}}}], "references": [{"url": "https://github.com/uutils/coreutils/issues/10006", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T17:47:10.726Z"}}], "cna": {"title": "uutils coreutils id Misleading Identity Reporting in Pretty Print Mode", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Zellic"}], "impacts": [{"capecId": "CAPEC-690", "descriptions": [{"lang": "en", "value": "CAPEC-690: Metadata Spoofing"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/uutils/coreutils", "vendor": "Uutils", "product": "coreutils", "platforms": ["Linux", "Unix", "macOS"], "packageName": "coreutils", "collectionURL": "https://github.com/uutils", "defaultStatus": "affected"}], "references": [{"url": "https://github.com/uutils/coreutils/issues/10006", "tags": ["issue-tracking"]}], "descriptions": [{"lang": "en", "value": "The id utility in uutils coreutils exhibits incorrect behavior in its \"pretty print\" output when the real UID and effective UID differ. The implementation incorrectly uses the effective GID instead of the effective UID when performing a name lookup for the effective user. This results in misleading diagnostic output that can cause automated scripts or system administrators to make incorrect decisions regarding file permissions or access control."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-451", "description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information"}]}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2026-04-22T16:08:56.342Z"}}}, "cveMetadata": {"cveId": "CVE-2026-35371", "state": "PUBLISHED", "dateUpdated": "2026-04-22T17:47:18.201Z", "dateReserved": "2026-04-02T12:58:56.088Z", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "datePublished": "2026-04-22T16:08:56.342Z", "assignerShortName": "canonical"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:uutils:coreutils:-:*:*:*:*:rust:*:*", "matchCriteriaId": "4A9AF9E4-E17C-48AD-8051-B49998618839", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The id utility in uutils coreutils exhibits incorrect behavior in its \"pretty print\" output when the real UID and effective UID differ. The implementation incorrectly uses the effective GID instead of the effective UID when performing a name lookup for the effective user. This results in misleading diagnostic output that can cause automated scripts or system administrators to make incorrect decisions regarding file permissions or access control."}], "id": "CVE-2026-35371", "lastModified": "2026-05-04T20:02:06.183", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "security@ubuntu.com", "type": "Secondary"}]}, "published": "2026-04-22T17:16:40.987", "references": [{"source": "security@ubuntu.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/uutils/coreutils/issues/10006"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/uutils/coreutils/issues/10006"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-451"}], "source": "security@ubuntu.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["linux", "unix", "macos"], "status": "affected", "versions": null}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "coreutils", "source": "cna", "vendor": "Uutils"}, "product": "coreutils", "vendor": "uutils"}], "analysis": {"en": {"generated_at": "2026-04-27T08:38:08.312333+00:00", "value": {"mitigation_remediation": ["Upgrade uutils coreutils to the latest release that includes the id utility fix.", "Avoid using pretty print mode when invoking id in automated scripts; if the utility supports a raw or non\u2011pretty option, use it to obtain the numeric UID directly.", "Review scripts or automation that parse id output for permission decisions and modify them to perform explicit UID checks or to ignore the parsed name output."], "summary": {"action": "Patch", "impact": "Misleading identity output"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the uutils coreutils collection, specifically the id command. No precise version information is provided in the advisory; all releases prior to the patch that corrects the name lookup are potentially impacted. The product is open\u2011source and commonly used on Linux\u2011like systems that rely on uutils coreutils for POSIX\u2011like utilities.", "description_and_impact": "The id utility in the uutils coreutils suite incorrectly resolves the user name for the effective UID when pretty print mode is enabled. The implementation uses the effective GID in the name lookup, causing the effective user name to be mapped to the group name. This produces misleading diagnostic output that can mislead automated scripts or system administrators into making incorrect decisions about file permissions or access control. The weakness is classified as CWE\u2011451, \"Insufficient Output Validation.\"", "risk_and_exploitability": "This flaw only misreports identity information for consumers of pretty print output; it does not enable privilege escalation or direct code execution. The CVSS score of 3.3 reflects a low severity risk limited to local observation. EPSS data is unavailable, and the vulnerability is not listed in the CISA KEV catalog, indicating a small exploitation chance. The most likely attack vector requires local access to the system and unprotected scripts that parse id output. Attackers could attempt to manipulate such scripts that base permission decisions on the misreported user name, potentially leading to policy violations. The actual impact for an attacker is therefore indirect, limited to mishandled automation rather than direct compromise."}}}}, "created": "2026-04-22T18:15:15.481192+00:00", "updated": "2026-04-27T19:53:34.060063+00:00", "vendors": ["uutils", "uutils$PRODUCT$coreutils"]}