CVE-2026-35365: CWE-59: Improper Link Resolution Before File Access ('Link Following') in Uutils coreutils
The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to resource exhaustion (disk space or time) if symlinks point to large external directories, unexpected duplication of sensitive data into unintended locations, or infinite recursion and repeated copying in the presence of symlink loops.
AI Analysis
Technical Summary
The mv utility in uutils coreutils improperly handles symbolic links during moves across filesystem boundaries by expanding symlinks rather than preserving them. This can lead to copying large external directories unintentionally, duplication of sensitive data, or infinite recursion if symlink loops exist. The vulnerability is classified as CWE-59 (Improper Link Resolution Before File Access). It has a CVSS 3.1 base score of 6.6, indicating medium severity, with attack vector local, low attack complexity, low privileges required, no user interaction, unchanged scope, low confidentiality impact, high integrity impact, and low availability impact. No patch or official remediation is currently documented.
Potential Impact
Exploitation of this vulnerability can result in resource exhaustion (disk space or processing time) if symlinks point to large external directories. It may also cause unintended duplication of sensitive data into locations that were not intended by the user or system administrator. Additionally, symlink loops can cause infinite recursion and repeated copying, potentially leading to system instability or denial of service. The confidentiality impact is low, integrity impact is high, and availability impact is low according to the CVSS vector.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution when using the mv utility on directory trees containing symbolic links, especially when moving across filesystem boundaries. Avoid moving directories with complex or unknown symlink structures to prevent resource exhaustion or data duplication.
CVE-2026-35365: CWE-59: Improper Link Resolution Before File Access ('Link Following') in Uutils coreutils
Description
The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to resource exhaustion (disk space or time) if symlinks point to large external directories, unexpected duplication of sensitive data into unintended locations, or infinite recursion and repeated copying in the presence of symlink loops.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The mv utility in uutils coreutils improperly handles symbolic links during moves across filesystem boundaries by expanding symlinks rather than preserving them. This can lead to copying large external directories unintentionally, duplication of sensitive data, or infinite recursion if symlink loops exist. The vulnerability is classified as CWE-59 (Improper Link Resolution Before File Access). It has a CVSS 3.1 base score of 6.6, indicating medium severity, with attack vector local, low attack complexity, low privileges required, no user interaction, unchanged scope, low confidentiality impact, high integrity impact, and low availability impact. No patch or official remediation is currently documented.
Potential Impact
Exploitation of this vulnerability can result in resource exhaustion (disk space or processing time) if symlinks point to large external directories. It may also cause unintended duplication of sensitive data into locations that were not intended by the user or system administrator. Additionally, symlink loops can cause infinite recursion and repeated copying, potentially leading to system instability or denial of service. The confidentiality impact is low, integrity impact is high, and availability impact is low according to the CVSS vector.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution when using the mv utility on directory trees containing symbolic links, especially when moving across filesystem boundaries. Avoid moving directories with complex or unknown symlink structures to prevent resource exhaustion or data duplication.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- canonical
- Date Reserved
- 2026-04-02T12:58:56.088Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e8f7d319fe3cd2cdd00d07
Added to database: 4/22/2026, 4:31:15 PM
Last enriched: 4/22/2026, 4:48:43 PM
Last updated: 4/23/2026, 2:32:06 AM
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.