CVE-2026-35358

Name of the Vulnerable Software and Affected Versions uutils coreutils (affected versions not specified)

Description The cp utility incorrectly handles character and block device nodes during recursive copies using the -R flag. Instead of preserving the device nodes via mknod, the utility treats them as stream sources and reads their bytes into regular files at the destination. This destruction of device semantics can result in runtime denial of service, potentially causing process hangs or disk exhaustion when reading from unbounded device nodes.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.