CVE-2026-35348

Name of the Vulnerable Software and Affected Versions uutils coreutils (affected versions not specified)

Description The sort utility is susceptible to a process panic when the '--files0-from' option is used with inputs containing non-UTF-8 filenames. The issue occurs because the implementation enforces UTF-8 encoding and uses the expect() function, leading to an immediate crash when valid but non-UTF-8 paths are encountered. This behavior differs from GNU sort, which processes filenames as raw bytes. A local attacker can leverage this to crash the utility and disrupt automated pipelines.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.