VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-q9pt-1vcd-37bg

Essentials
Severities (12)
References (6)
Severity details (9)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-q9pt-1vcd-37bg
Aliases	CVE-2026-35368 GHSA-mh5c-xrmh-m794
Summary	A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam() after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch (NSS) to load shared libraries (e.g., libnss_*.so.2) from the new root directory. If the NEWROOT is writable by an attacker, they can inject a malicious NSS module to execute arbitrary code as root, facilitating a full container escape or privilege escalation.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-426

Untrusted Search Path

System	Score	Found at
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2026-35368
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2026-35368
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2026-35368
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-mh5c-xrmh-m794
cvssv3.1	7.8	https://github.com/uutils/coreutils
generic_textual	HIGH	https://github.com/uutils/coreutils
cvssv3.1	7.2	https://github.com/uutils/coreutils/issues/10327
cvssv3.1	7.8	https://github.com/uutils/coreutils/issues/10327
generic_textual	HIGH	https://github.com/uutils/coreutils/issues/10327
ssvc	Track*	https://github.com/uutils/coreutils/issues/10327
cvssv3.1	7.8	https://nvd.nist.gov/vuln/detail/CVE-2026-35368
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2026-35368

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2026-35368
		https://github.com/uutils/coreutils
		https://nvd.nist.gov/vuln/detail/CVE-2026-35368
10327		https://github.com/uutils/coreutils/issues/10327
1136198		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136198
GHSA-mh5c-xrmh-m794		https://github.com/advisories/GHSA-mh5c-xrmh-m794

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/uutils/coreutils

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/uutils/coreutils/issues/10327

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/uutils/coreutils/issues/10327

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-22T17:48:56Z/ Found at https://github.com/uutils/coreutils/issues/10327

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2026-35368

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.02824
EPSS Score	0.00014
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T16:44:54.751762+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2026/35xxx/CVE-2026-35368.json	38.6.0