Threat Advisory

uutils coreutils vulnerability bypasses dot protection mechanism

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High
[subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in the rust/uu_rm package used within uutils coreutils. These issues affect versions prior to 0.7.0 and involve flaws in path handling and safeguard mechanisms. Specifically, the vulnerabilities allow attackers to bypass protections designed to prevent the deletion of the current directory and the root filesystem. Successful exploitation of these logic errors can lead to the complete loss of critical data or system directories, significantly impacting business operations and data integrity. The silent nature of these deletions further exacerbates the risk by delaying detection and recovery efforts.[/subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in the rust/uu_rm package used within uutils coreutils. These issues affect versions prior to 0.7.0 and involve flaws in path handling and safeguard mechanisms. Specifically, the vulnerabilities allow attackers to bypass protections designed to prevent the deletion of the current directory and the root filesystem. Successful exploitation of these logic errors can lead to the complete loss of critical data or system directories, significantly impacting business operations and data integrity. The silent nature of these deletions further exacerbates the risk by delaying detection and recovery efforts.[emaillocker id="1283"]

• CVE-2026-35363 with a CVSS score of 5.6 – This vulnerability allows an attacker to bypass the dot protection mechanism by using trailing slashes like ./ or .///, causing the silent recursive deletion of the current directory contents. The issue arises because the utility fails to recognize these path variants as restricted, leading to data loss disguised by a misleading error message.
• CVE-2026-35349 with a CVSS score of 6.7 – This vulnerability enables the bypass of the --preserve-root safeguard via a symbolic link that resolves to the root directory, as the implementation relies on a string check rather than device and inode comparison. Attackers can exploit this to recursively delete system directories, resulting in high integrity and availability impacts on the affected system.

These vulnerabilities present a moderate to high risk to data integrity and system availability due to the potential for widespread unintended file deletion. Successful exploitation could cause severe operational disruptions and permanent data loss, significantly impacting business continuity. Immediate evaluation of systems utilizing the affected utility is strongly advised to prevent catastrophic data incidents.

RECOMMENDATION:

  • We recommend you to update rust uu_rm to version 0.7.0.

REFERENCES:

The following reports contain further technical details:
https://github.com/advisories/GHSA-89p7-7cq3-hhr2
https://github.com/advisories/GHSA-7cr3-h577-g38j

[/emaillocker]
crossmenu