CVE-2026-35349

Name of the Vulnerable Software and Affected Versions uutils coreutils (affected versions not specified)

Description A flaw in the rm utility allows a bypass of the --preserve-root protection. The system uses a path-string check instead of comparing device and inode numbers to identify the root directory. This allows a user to bypass the safeguard by using a symbolic link that resolves to the root directory, which could lead to the recursive deletion of the entire root filesystem.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.