Low severity3.3NVD Advisory· Published Apr 22, 2026· Updated May 4, 2026

CVE-2026-35371

Description

The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the real UID and effective UID differ. The implementation incorrectly uses the effective GID instead of the effective UID when performing a name lookup for the effective user. This results in misleading diagnostic output that can cause automated scripts or system administrators to make incorrect decisions regarding file permissions or access control.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
coreutilscrates.io	<= 0.8.0	—

Affected products

Uutils/Coreutilsreferences2 versions
(expand)+ 1 more
- (no CPE)
- cpe:2.3:a:uutils:coreutils:-:*:*:*:*:rust:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/uutils/coreutils/issues/10006nvdExploitIssue TrackingWEB
github.com/advisories/GHSA-53gr-wmf4-8hh3ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2026-35371ghsaADVISORY

News mentions

No linked articles in our index yet.

cvss	0.214
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000