CVE-2026-35367

Name of the Vulnerable Software and Affected Versions uutils coreutils (affected versions not specified)

Description The nohup utility creates its default output file, 'nohup.out', without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, which typically results in the file being world-readable (0644). In multi-user environments, this allows any user on the system to read the captured stdout/stderr output of a command, potentially exposing sensitive information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.