CVE-2026-35351

Name of the Vulnerable Software and Affected Versions uutils coreutils (affected versions not specified)

Description The mv utility fails to preserve file ownership when moving files across different filesystem boundaries. In these instances, the utility uses a copy-and-delete routine that creates the destination file using the caller's UID (User Identifier) and GID (Group Identifier) instead of the source's metadata. This behavior can result in files moved by a privileged user becoming owned by that user, potentially leading to restricted access for intended owners or information disclosure.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.