CVE-2026-35378

Name of the Vulnerable Software and Affected Versions uutils coreutils (affected versions not specified)

Description A logic error in the expr utility causes the program to evaluate parenthesized subexpressions during the parsing phase instead of the execution phase. This flaw prevents proper short-circuiting for logical OR (|) and AND (&) operations. Consequently, arithmetic errors, such as division by zero, occurring within branches that should be ignored are raised as fatal errors. This behavior differs from GNU expr and can cause guarded expressions in shell scripts to fail with hard errors, leading to premature script termination and breaking GNU-compatible shell control flow.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.