CVE-2026-35343

Summary

The cut utility in uutils coreutils incorrectly handles the -s (only-delimited) option when a newline character is specified as the delimiter. The implementation fails to verify the only_delimited flag in the cut_fields_newline_char_delim function, causing the utility to print non-delimited lines that should have been suppressed. This can lead to unexpected data being passed to downstream scripts that rely on strict output filtering.

Affected Software

VendorProductVersion RangeStatus
Uutilscoreutils0 < 0.8.0affected

Weaknesses

  • CWE-670: CWE-670: Always-Incorrect Control Flow Implementation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References