CVE-2026-35379

Name of the Vulnerable Software and Affected Versions uutils coreutils (affected versions not specified)

Description A logic error in the tr utility causes the program to incorrectly define the [:graph:] and [:print:] character classes. The implementation mistakenly includes the ASCII space character (0x20) in the [:graph:] class and excludes it from the [:print:] class, reversing the standard behavior established by POSIX and GNU coreutils. This can lead to unintended data modification or loss in automated scripts or data-cleaning pipelines that rely on standard character class semantics, such as incorrectly deleting ASCII spaces when intending to preserve whitespace.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.