CVE-2026-35371

Published: Apr 22, 2026

Modified: Apr 22, 2026

PUBLISHED

CVSS v3.1

3.3

LOW

Description

The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the real UID and effective UID differ. The implementation incorrectly uses the effective GID instead of the effective UID when performing a name lookup for the effective user. This results in misleading diagnostic output that can cause automated scripts or system administrators to make incorrect decisions regarding file permissions or access control.

Vendor	Product	Versions
Uutils	coreutils	All versions

Weaknesses (CWE)

CWE-451

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

https://github.com/uutils/coreutils/issues/10006

issue-tracking

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-35371

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References