CVE-2026-35346 in coreutilsinformação

Sumário

de MITRE • 22/04/2026

The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy(), which replaces invalid UTF-8 byte sequences with the Unicode replacement character (U+FFFD). This behavior differs from GNU comm, which processes raw bytes and preserves the original input. This results in corrupted output when the utility is used to compare binary files or files using non-UTF-8 legacy encodings.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

Canonical

Reservar

02/04/2026

Divulgação

22/04/2026

Moderação

aceite

Entrada

VDB-358989

CPE

pronto

CWE

CWE-176 (confirmado)

CVSS

3.3 (CNA)

EPSS

0.00014

KEV

não

Atividades

muito baixo

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-35346
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-35346
CVE Details	https://www.cvedetails.com/cve/CVE-2026-35346/

◂ Voltar Visão Geral Próximo ▸

Want to know what is going to be exploited?

We predict KEV entries!