Low severity3.3NVD Advisory· Published Apr 22, 2026· Updated May 4, 2026
CVE-2026-35371
CVE-2026-35371
Description
The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the real UID and effective UID differ. The implementation incorrectly uses the effective GID instead of the effective UID when performing a name lookup for the effective user. This results in misleading diagnostic output that can cause automated scripts or system administrators to make incorrect decisions regarding file permissions or access control.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
coreutilscrates.io | <= 0.8.0 | — |
Affected products
5- osv-coords3 versions
< 0.9.0-r0+ 2 more
- (no CPE)range: < 0.9.0-r0
- (no CPE)range: < 0.9.0-r0
- (no CPE)range: <= 0.8.0
Patches
Vulnerability mechanics
References
3- github.com/uutils/coreutils/issues/10006nvdExploitIssue TrackingWEB
- github.com/advisories/GHSA-53gr-wmf4-8hh3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-35371ghsaADVISORY
News mentions
0No linked articles in our index yet.