CVE-2026-35348

by Fred · 22/04/2026

The sort utility in uutils coreutils is vulnerable to a process panic when using the –files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces UTF-8 encoding and utilizes expect(), causing an immediate crash when encountering valid but non-UTF-8 paths. This diverges from GNU sort, which treats filenames as raw bytes. A local attacker can exploit this to crash the utility and disrupt automated pipelines.

More information : https://github.com/uutils/coreutils/issues/9696

CVE-2026-35348

Similar

Recent Posts

Categories

CVE-2026-35348

Share this:

Similar

Recent Posts

Categories

Tags