EXECUTIVE SUMMARY:
CVE-2026-35370 with a CVSS score of 4.4 is a medium‑severity flaw in the id utility of the rust/uu_id (uutils coreutils) package, affecting all releases prior to version 0.6.0. The vulnerability stems from the implementation using a user’s real group identifier (GID) instead of the effective GID when constructing the groups= field of the command’s output, which can diverge from the behavior of GNU coreutils. An attacker with low‑privilege local access can invoke the id binary in a context where the real and effective GIDs differ—such as inside a set‑uid program or after a credential change—to obtain a fabricated group list that omits or adds groups erroneously. This manipulated output can be fed to scripts or automation tools that rely on id for access‑control decisions, effectively allowing the attacker to bypass intended permission checks and gain unauthorized access to files, services, or data. The business impact includes potential security‑policy violations, exposure of sensitive resources, and compliance breaches. Exploitation requires only local execution of the vulnerable binary under a mismatched real/effective GID scenario; no network access or additional privileges are needed.[/subscribe_to_unlock_form]
EXECUTIVE SUMMARY:
CVE-2026-35370 with a CVSS score of 4.4 is a medium‑severity flaw in the id utility of the rust/uu_id (uutils coreutils) package, affecting all releases prior to version 0.6.0. The vulnerability stems from the implementation using a user’s real group identifier (GID) instead of the effective GID when constructing the groups= field of the command’s output, which can diverge from the behavior of GNU coreutils. An attacker with low‑privilege local access can invoke the id binary in a context where the real and effective GIDs differ—such as inside a set‑uid program or after a credential change—to obtain a fabricated group list that omits or adds groups erroneously. This manipulated output can be fed to scripts or automation tools that rely on id for access‑control decisions, effectively allowing the attacker to bypass intended permission checks and gain unauthorized access to files, services, or data. The business impact includes potential security‑policy violations, exposure of sensitive resources, and compliance breaches. Exploitation requires only local execution of the vulnerable binary under a mismatched real/effective GID scenario; no network access or additional privileges are needed.[emaillocker id="1283"]
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-47c7-qrm7-mqw7