Medium severity5.5NVD Advisory· Published Apr 22, 2026· Updated May 4, 2026
CVE-2026-35369
CVE-2026-35369
Description
An argument parsing error in the kill utility of uutils coreutils incorrectly interprets kill -1 as a request to send the default signal (SIGTERM) to PID -1. Sending a signal to PID -1 causes the kernel to terminate all processes visible to the caller, potentially leading to a system crash or massive process termination. This differs from GNU coreutils, which correctly recognizes -1 as a signal number in this context and would instead report a missing PID argument.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
coreutilscrates.io | < 0.6.0 | 0.6.0 |
Affected products
3Patches
Vulnerability mechanics
References
5- github.com/uutils/coreutils/pull/9700nvdIssue TrackingPatchWEB
- github.com/advisories/GHSA-gpcg-h6x2-c26pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-35369ghsaADVISORY
- github.com/uutils/coreutils/commit/2d3aebce6712841bc08b9b94e9078be50a25fc10ghsaWEB
- github.com/uutils/coreutils/releases/tag/0.6.0nvdRelease NotesWEB
News mentions
0No linked articles in our index yet.