Compliance Impact

This vulnerability allows bypassing the --preserve-root protection in the rm utility, potentially leading to unintended recursive deletion of the entire root filesystem.

Such a deletion could result in loss of critical system and data files, which may impact the availability and integrity of data.

Loss of data availability and integrity can affect compliance with standards like GDPR and HIPAA, which require organizations to protect personal and sensitive data from unauthorized destruction or loss.

Therefore, exploitation of this vulnerability could lead to non-compliance with these regulations due to failure in maintaining data integrity and availability.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves the `rm` utility in uutils coreutils where the `--preserve-root` protection can be bypassed using symbolic links that resolve to the root directory.

To detect if your system is vulnerable, you can check for the presence of symbolic links that point to the root directory, such as links like `/tmp/rootlink -> /`.

Suggested commands to identify such symlinks include:

• Find symbolic links pointing to root: `find / -type l -exec readlink -f {} \; | grep '^/$'`
• Check if your `rm` command is from uutils coreutils and its version: `rm --version` or check the package version installed.
• Test the behavior of `rm --preserve-root` with a symlink to root carefully in a controlled environment to see if it blocks deletion.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, you should update the uutils coreutils package to a version that includes the fix merged on February 5, 2026.

The fix ensures that `rm` resolves symbolic links and correctly identifies the root directory, preventing bypass of the `--preserve-root` safeguard.

Until the update is applied, avoid using `rm --preserve-root` on paths that may involve symbolic links pointing to root, and audit your system for such symlinks.

Additionally, consider restricting permissions to prevent untrusted users from creating symbolic links that could exploit this vulnerability.

Useful 0 Not Useful 0

Executive Summary

This vulnerability exists in the rm utility of uutils coreutils, where the --preserve-root protection can be bypassed. Instead of properly verifying the root directory by comparing device and inode numbers, the implementation uses a path-string check. This allows an attacker or accidental user to create a symbolic link that points to the root directory (for example, /tmp/rootlink -> /) and bypass the safeguard.

As a result, the rm command may recursively delete the entire root filesystem unintentionally.

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can lead to the unintended recursive deletion of the entire root filesystem. This means critical system files and data could be erased, potentially causing system failure, data loss, and downtime.

Useful 0 Not Useful 0