{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35340", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "state": "PUBLISHED", "assignerShortName": "canonical", "dateReserved": "2026-04-02T12:58:56.086Z", "datePublished": "2026-04-22T16:07:36.708Z", "dateUpdated": "2026-04-22T18:14:26.690Z"}, "containers": {"cna": {"title": "uutils coreutils chown and chgrp False Success Exit Code in Recursive Mode", "affected": [{"vendor": "Uutils", "product": "coreutils", "platforms": ["Linux", "Unix", "macOS"], "collectionURL": "https://github.com/uutils", "packageName": "coreutils", "repo": "https://github.com/uutils/coreutils", "versions": [{"status": "affected", "lessThan": "0.6.0", "version": "0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-253", "description": "CWE-253: Incorrect Check of Function Return Value", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-184", "descriptions": [{"lang": "en", "value": "CAPEC-184: Software Integrity Attack"}]}], "descriptions": [{"lang": "en", "value": "A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownership or group changes failed due to permission errors. This can lead to security misconfigurations where administrative scripts incorrectly assume that ownership has been successfully transferred across a directory tree."}], "references": [{"url": "https://github.com/uutils/coreutils/pull/10035", "tags": ["patch", "issue-tracking"]}, {"url": "https://github.com/uutils/coreutils/releases/tag/0.6.0", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}}], "credits": [{"lang": "en", "value": "Zellic", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2026-04-22T16:07:36.708Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-22T18:14:17.886908Z", "id": "CVE-2026-35340", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T18:14:26.690Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35340", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "state": "PUBLISHED", "assignerShortName": "canonical", "dateReserved": "2026-04-02T12:58:56.086Z", "datePublished": "2026-04-22T16:07:36.708Z", "dateUpdated": "2026-04-22T18:14:26.690Z"}, "containers": {"cna": {"title": "uutils coreutils chown and chgrp False Success Exit Code in Recursive Mode", "affected": [{"vendor": "Uutils", "product": "coreutils", "platforms": ["Linux", "Unix", "macOS"], "collectionURL": "https://github.com/uutils", "packageName": "coreutils", "repo": "https://github.com/uutils/coreutils", "versions": [{"status": "affected", "lessThan": "0.6.0", "version": "0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-253", "description": "CWE-253: Incorrect Check of Function Return Value", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-184", "descriptions": [{"lang": "en", "value": "CAPEC-184: Software Integrity Attack"}]}], "descriptions": [{"lang": "en", "value": "A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownership or group changes failed due to permission errors. This can lead to security misconfigurations where administrative scripts incorrectly assume that ownership has been successfully transferred across a directory tree."}], "references": [{"url": "https://github.com/uutils/coreutils/pull/10035", "tags": ["patch", "issue-tracking"]}, {"url": "https://github.com/uutils/coreutils/releases/tag/0.6.0", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}}], "credits": [{"lang": "en", "value": "Zellic", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2026-04-22T16:07:36.708Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35340", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-22T18:14:17.886908Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T18:14:22.272Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownership or group changes failed due to permission errors. This can lead to security misconfigurations where administrative scripts incorrectly assume that ownership has been successfully transferred across a directory tree."}], "id": "CVE-2026-35340", "lastModified": "2026-04-22T21:23:52.620", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security@ubuntu.com", "type": "Secondary"}]}, "published": "2026-04-22T17:16:35.923", "references": [{"source": "security@ubuntu.com", "url": "https://github.com/uutils/coreutils/pull/10035"}, {"source": "security@ubuntu.com", "url": "https://github.com/uutils/coreutils/releases/tag/0.6.0"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-253"}], "source": "security@ubuntu.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["linux", "unix", "macos"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.6.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "coreutils", "source": "cna", "vendor": "Uutils"}, "product": "coreutils", "vendor": "uutils"}], "analysis": {"en": {"generated_at": "2026-04-27T08:47:19.350646+00:00", "value": {"mitigation_remediation": ["Upgrade uutils coreutils to version\u00a00.6.0 or newer, which contains the corrected exit code logic.", "Refactor scripts that depend on return codes to validate ownership changes explicitly after the command completes, for example by checking file attributes with stat or inspecting the ownership of the target files.", "As an interim workaround for systems that cannot upgrade immediately, wrap the chown/chgrp commands in a custom script that iterates over each file in the tree and ensures success; abort if any file fails, thereby enforcing the correct status."], "summary": {"action": "Apply Patch", "impact": "Misleading Success Status"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Uutils coreutils package, specifically the chown and chgrp utilities, present in all releases prior to version\u00a00.6.0. Systems using older installs are susceptible until they apply the update containing the fix.", "description_and_impact": "A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations; the final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even when earlier ownership or group changes fail, leading to misinterpretation of success by scripts and administrators. This vulnerability corresponds to CWE-253, which involves incorrect initialization or state.", "risk_and_exploitability": "The CVSS score of 5.5 indicates medium severity. EPSS is not available, suggesting limited exploitation likelihood. The vulnerability is not listed in the CISA KEV catalog. The risk primarily stems from automated processes misinterpreting success, potentially proceeding with tasks under false assumptions, which could lead to incomplete permission changes, creating security gaps and possibly enabling privilege escalation or data exposure."}}}}, "created": "2026-04-27T18:45:11.484259+00:00", "updated": "2026-04-27T19:54:48.359106+00:00", "vendors": ["uutils", "uutils$PRODUCT$coreutils"]}