CVE-2026-35381

Name of the Vulnerable Software and Affected Versions uutils coreutils (affected versions not specified)

Description A logic error in the cut utility occurs when the -s (only-delimited) flag is used in conjunction with the -z (null-terminated) and -d '' (empty delimiter) options. The utility incorrectly processes this combination through a specialized newline-delimiter code path that fails to verify the record suppression status. As a result, the utility emits the entire record along with a NUL byte instead of suppressing it, which differs from GNU coreutils behavior and may lead to data integrity risks in automated pipelines designed to filter undelimited data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.