PT-2026-34483 · Unknown · Uutils Coreutils

Zellic · Published 2026-04-22 · Updated 2026-04-23 · CVE-2026-35347

CVSS v3.1: 4.4 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions

uutils coreutils (affected versions not specified)

Description

The comm utility incorrectly consumes data from non-regular file inputs before performing comparison operations. The are_files_identical() function opens and reads from both input paths to compare content without verifying if the paths refer to regular files. If an input path is a FIFO (a special file that allows communication between processes) or a pipe, this pre-read operation drains the stream, causing silent data loss before the actual comparison logic is executed. Furthermore, the utility may hang indefinitely when attempting to pre-read from infinite streams such as '/dev/zero'.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
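
As an added illustration of the check the description says is missing (this is not code from the uutils project or from this advisory), a content pre-comparison can refuse to read from anything that is not a regular file. The names `PreCheck`, `open_regular`, `read_full` and `precheck_identical` are hypothetical.

```rust
use std::fs::{self, File};
use std::io::{self, Read};
use std::path::Path;

#[derive(Debug, PartialEq)]
pub enum PreCheck { Identical, Different, Skipped }

/// Open `p` only if it is a regular file; never reads from it.
fn open_regular(p: &Path) -> io::Result<Option<File>> {
    // Check the path first: open() on a FIFO with no writer would block.
    if !fs::metadata(p)?.is_file() { return Ok(None); }
    let f = File::open(p)?;
    // Re-check the open handle in case the path was swapped in between.
    Ok(if f.metadata()?.is_file() { Some(f) } else { None })
}

/// Fill `buf` as far as possible; returns bytes read (short only at EOF).
fn read_full(r: &mut impl Read, buf: &mut [u8]) -> io::Result<usize> {
    let mut filled = 0;
    while filled < buf.len() {
        let n = r.read(&mut buf[filled..])?;
        if n == 0 { break; }
        filled += n;
    }
    Ok(filled)
}

/// Hypothetical guarded pre-comparison: FIFOs, pipes, devices and
/// directories yield `Skipped` and are left undrained for the real pass.
pub fn precheck_identical(a: &Path, b: &Path) -> io::Result<PreCheck> {
    let (Some(mut fa), Some(mut fb)) = (open_regular(a)?, open_regular(b)?) else {
        return Ok(PreCheck::Skipped);
    };
    let (mut ba, mut bb) = ([0u8; 8192], [0u8; 8192]);
    loop {
        let n = read_full(&mut fa, &mut ba)?;
        let m = read_full(&mut fb, &mut bb)?;
        if n != m || ba[..n] != bb[..m] { return Ok(PreCheck::Different); }
        if n == 0 { return Ok(PreCheck::Identical); }
    }
}

fn main() -> io::Result<()> {
    let args: Vec<String> = std::env::args().collect();
    if let [_, a, b] = args.as_slice() {
        println!("{:?}", precheck_identical(Path::new(a), Path::new(b))?);
    }
    Ok(())
}
```

A caller treats `Skipped` as "unknown" and goes straight to the normal line-by-line comparison, which then sees the stream's full contents.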


Related Identifiers

CVE-2026-35347
GHSA-RX8H-33GR-VHJ9

Affected Products

Uutils Coreutils