PT-2026-34504 · Unknown · Uutils Coreutils

Zellic · Published 2026-04-22 · Updated 2026-05-01 · CVE-2026-35368

CVSS v3.1: 7.8 High

Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

uutils coreutils (affected versions not specified)

Description

The chroot utility is flawed in how it handles the --userspec option. It calls getpwnam() to resolve the user specification after entering the chroot environment but before relinquishing root privileges. On glibc-based systems, this lookup goes through the Name Service Switch (NSS), which may load shared libraries such as 'libnss_*.so.2' from the new root directory. If an attacker has write access to the new root directory, they can inject a malicious NSS module to execute arbitrary code with root privileges, potentially leading to privilege escalation or a full container escape.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
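A defensive pre-flight check for the condition in the description, added here as an example (it is not from the advisory or from uutils): before running chroot --userspec against a directory, it lists NSS modules present inside that directory and library directories that an untrusted account could write to. The function name `audit_new_root`, the `LIB_DIRS` list and the `trusted_uids` parameter are assumptions made for this sketch.

```python
import os
import stat
import sys
from fnmatch import fnmatch

NSS_PATTERN = "libnss_*.so.2"  # module naming quoted in the description
# Assumed library locations inside the new root; extend for your distribution.
LIB_DIRS = ("lib", "lib64", "usr/lib", "usr/lib64")


def audit_new_root(new_root, trusted_uids=(0,)):
    """Return (path, reason) findings for a directory about to become a chroot."""
    findings = []

    def check_dir(path):
        # A directory is risky if an untrusted uid owns it or if
        # group/other have write permission on it.
        st = os.lstat(path)
        if st.st_uid not in trusted_uids:
            findings.append((path, "owned by untrusted uid %d" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, "group- or world-writable"))

    check_dir(new_root)
    for rel in LIB_DIRS:
        top = os.path.join(new_root, rel)
        # Symlinked library directories are skipped: from outside the chroot
        # an absolute link target would resolve against the host filesystem.
        if os.path.islink(top) or not os.path.isdir(top):
            continue
        for dirpath, _dirnames, filenames in os.walk(top):
            check_dir(dirpath)
            for name in filenames:
                if fnmatch(name, NSS_PATTERN):
                    findings.append((os.path.join(dirpath, name),
                                     "NSS module inside new root"))
    return findings


if __name__ == "__main__":
    results = audit_new_root(sys.argv[1]) if len(sys.argv) > 1 else []
    for path, reason in results:
        print("%s: %s" % (path, reason))
    sys.exit(1 if results else 0)
```

An empty result does not show the directory is safe; it only means none of the conditions checked here were found.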

Exploit

Untrusted Search Path

Weakness Enumeration

Related Identifiers

CVE-2026-35368
GHSA-MH5C-XRMH-M794

Affected Products

Uutils Coreutils