CVE-2026-35350

Name of the Vulnerable Software and Affected Versions uutils coreutils (affected versions not specified)

Description The cp utility fails to properly handle setuid and setgid bits when ownership preservation fails. When using the '-p' (preserve) flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining original privileged bits, creating unexpected privileged executables that violate local security policies.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.