chmod Bypass Threatens System Integrity: CVE-2026-35338 Detailed
The National Vulnerability Database (NVD) has identified CVE-2026-35338, a critical vulnerability within the chmod utility of uutils coreutils. This flaw allows local attackers with low privileges to bypass the –preserve-root safety mechanism. The issue stems from inadequate path validation; the utility fails to canonicalize paths, meaning it treats variations like /../ or symbolic links as distinct from the root directory /. This oversight enables an attacker to execute potentially destructive recursive operations, such as chmod -R 000, against the entire filesystem, leading to widespread permission loss and system instability.
This vulnerability carries a CVSS score of 7.3 (HIGH) and falls under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory). While specific affected products are not detailed by NVD, any system utilizing this version of uutils coreutils is at risk. The attack vector is local, requiring UI:R (User Interaction) which could be as simple as tricking a user into running a malicious command. The potential impact is severe, with C:H/I:H/A:H indicating high confidentiality, integrity, and availability impacts, effectively granting attackers full control over system permissions.
What This Means For You
- If your environment uses uutils coreutils, specifically the chmod utility, you must immediately verify if your deployed version is susceptible to CVE-2026-35338. Audit systems for unusual chmod operations or unexpected permission changes, especially those involving recursive flags. Prioritize patching or updating uutils coreutils to mitigate the risk of unauthorized root filesystem manipulation.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-35338: chmod Bypass with Path Traversal to Modify Root
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-35338 | Auth Bypass | uutils coreutils chmod utility --preserve-root bypass |
| CVE-2026-35338 | Misconfiguration | uutils coreutils chmod utility path canonicalization flaw |
| CVE-2026-35338 | DoS | uutils coreutils chmod utility recursive operations on root filesystem via path variants like /../ or symbolic links |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 22, 2026 at 20:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related Posts
CVE-2026-34066 — nimiq-blockchain provides persistent block storage for
CVE-2026-34066 — nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryStore::put_historic_txns` uses an `assert!` to enforce invariants about `HistoricTransaction.block_number` (must...
Nimiq Primitives Node Panic via Malformed BLS Key
CVE-2026-34065 — nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can...
CVE-2026-34064 — nimiq-account contains account primitives to be used in
CVE-2026-34064 — nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to version 1.3.0, `VestingContract::can_change_balance` returns `AccountError::InsufficientFunds` when `new_balance < min_cap`, but...