CVE-2026-35373

Name of the Vulnerable Software and Affected Versions uutils coreutils (affected versions not specified)

Description A logic error in the ln utility causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms, such as 'ln SOURCE... DIRECTORY'. Unlike GNU ln, which treats filenames as raw bytes, this implementation enforces UTF-8 encoding. This results in a failure to stat the file and a non-zero exit code, which can lead to a local denial of service for automated scripts or system tasks processing valid non-UTF-8 filenames on Unix filesystems.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.