CVE-2026-35343

LOW 3.3

uutils coreutils cut Inconsistent Output Suppression with Newline Delimiters

CVSS Score

3.3

EPSS Score

0.0%

EPSS Percentile

0th

The cut utility in uutils coreutils incorrectly handles the -s (only-delimited) option when a newline character is specified as the delimiter. The implementation fails to verify the only_delimited flag in the cut_fields_newline_char_delim function, causing the utility to print non-delimited lines that should have been suppressed. This can lead to unexpected data being passed to downstream scripts that rely on strict output filtering.

CWE	CWE-670
Vendor	uutils
Product	coreutils
Published	Apr 22, 2026
Last Updated	Apr 22, 2026

Stay Ahead of the Next One

Get instant alerts for uutils coreutils

Be the first to know when new low vulnerabilities affecting uutils coreutils are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Affected Versions

Uutils / coreutils

0 < 0.8.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/uutils/coreutils/pull/11143 github.com: https://github.com/uutils/coreutils/releases/tag/0.7.0

Credits

Zellic