CVE-2026-35365

Name of the Vulnerable Software and Affected Versions uutils coreutils (affected versions not specified)

Description The mv utility improperly handles directory trees containing symbolic links when moving them across filesystem boundaries. The implementation expands symbolic links—which are pointers to other files or directories—and copies the linked targets as real files or directories at the destination instead of preserving the links. This behavior can result in resource exhaustion of disk space or time if links point to large external directories, unexpected duplication of sensitive data, or infinite recursion and repeated copying when symbolic link loops are present.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.