CVE-2026-35363 in coreutilsinformação

Sumário

de MITRE • 22/04/2026

A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An accidental or malicious execution of rm -rf ./ results in the silent recursive deletion of all contents within the current directory. The command further obscures the data loss by reporting a misleading 'Invalid input' error, which may cause users to miss the critical window for data recovery.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

Canonical

Reservar

02/04/2026

Divulgação

22/04/2026

Moderação

aceite

Entrada

VDB-359017

CPE

pronto

CWE

CWE-22 (confirmado)

CVSS

5.6 (CNA)

EPSS

0.00008

KEV

não

Atividades

muito baixo

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-35363
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-35363
CVE Details	https://www.cvedetails.com/cve/CVE-2026-35363/

◂ Voltar Visão Geral Próximo ▸

Do you need the next level of professionalism?

Upgrade your account now!