CVE-2026-35372

DEB

Medium

A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference…

CVSS

5.0

Medium

EPSS

0.00

Published

2026-01-01

Updated

2026-01-01

Description

A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference (or -n) flag is explicitly provided. The implementation previously only honored the "no-dereference" intent if the --force (overwrite) mode was also enabled. This flaw causes ln to follow a symbolic link that points to a directory and create new links inside that target directory instead of treating the symbolic link itself as the destination. In environments where a privileged user or system script uses ln -n to update a symlink, a local attacker could manipulate existing symbolic links to redirect file creation into sensitive directories, potentially leading to unauthorized file creation or system misconfiguration.

Tags · CWE

CWE-61

CAPEC-27

Affected products

Coreutils < 0.8.0

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Timeline

2026-01-01

Published

2026-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: L

Local (L)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: L

Low (L)

User Interaction

UI: R

Required (R)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: N

None (N)

Integrity Impact

I: H

High (H)

Availability Impact

A: N

None (N)

Exploit indicators

EPSS

0.001 · p3

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Product	Vendor	Status
rust-coreutils		Tracked
rust-coreutils		Tracked
rust-coreutils		Tracked
coreutils	*	Tracked

Source databases

DEB

CVE

External references

https://github.com/uutils/coreutils/pull/11253@https://github.com/uutils/coreutils/releases/tag/0.8.0