CVE-2026-35366

Name of the Vulnerable Software and Affected Versions uutils coreutils (affected versions not specified)

Description The printenv utility fails to display environment variables that contain invalid UTF-8 byte sequences. Although POSIX allows arbitrary bytes in environment strings, the implementation silently skips these entries instead of printing the raw bytes. This behavior allows malicious environment variables, such as adversarial LD PRELOAD values, to evade detection by security auditing tools or administrators, which could facilitate undetected library injection or other environment-based attacks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.