CVE-2026-35367
Status: Received - Intake
Insecure File Permissions in uutils nohup Allow Data Exposure

Publication date: 2026-04-22

Last updated on: 2026-04-24

Assigner: Canonical Ltd.

Description
The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file (0644). In multi-user environments, this allows any user on the system to read the captured stdout/stderr output of a command, potentially exposing sensitive information. This behavior diverges from GNU coreutils, which creates nohup.out with owner-only (0600) permissions.
Meta Information
Published: 2026-04-22
Last Modified: 2026-04-24
Generated: 2026-05-07
AI Q&A: 2026-04-22
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: uutils
Product: coreutils
Version / Range: *
Exploitability
CWE-732: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability involves the nohup utility in uutils coreutils creating its default output file, nohup.out, without setting explicit restricted permissions.

As a result, the file inherits the system's umask-based permissions, which typically makes it world-readable (0644).

This means that in multi-user environments, any user on the system can read the contents of nohup.out, which captures the stdout and stderr output of commands.

This behavior differs from GNU coreutils, where nohup.out is created with owner-only permissions (0600), preventing other users from reading it.


How can this vulnerability impact me?

This vulnerability can lead to unintended information disclosure in multi-user systems.

Since nohup.out files are world-readable, other users can access the output of commands run by different users.

This may expose sensitive or confidential information contained in the command outputs, potentially leading to privacy breaches or aiding attackers in gathering information about system activities.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking the permissions of the nohup.out files created by the nohup utility. Since the issue is that nohup.out files are created with world-readable permissions (typically 0644), you can look for such files and verify their permissions.

  • Use the command: find / -name nohup.out -exec ls -l {} \; to locate all nohup.out files and display their permissions.
  • Check if any nohup.out files have permissions that are more permissive than 0600, for example, 0644, which indicates the vulnerability.

What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should restrict the permissions of existing nohup.out files to be owner-only (0600) to prevent other users from reading sensitive output.

  • Run chmod 600 nohup.out on existing nohup.out files to restrict access.

Additionally, consider setting a stricter umask before running nohup commands to ensure newly created nohup.out files do not have world-readable permissions.

  • Set umask 077 in your shell environment before running nohup.

Monitor updates from the uutils coreutils project for a fix that changes the default permissions of nohup.out to 0600, aligning with GNU coreutils behavior.
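As an added check that is not part of the CVE record or the uutils project, and that covers both the detection commands and the chmod/umask mitigation above, the following POSIX shell script audits a tree for nohup.out files with any group or other permission bits set, restricts them to 0600, and shows why umask 077 prevents the condition for new files. It assumes GNU find's -perm /mode syntax and works on a scratch tree it constructs itself.

```shell
#!/bin/sh
# Added example, not from the CVE record or the uutils project.
# Audits a directory tree for nohup.out files with any group/other permission
# bit set (anything beyond owner-only 0600) and restricts them.
# Assumes GNU find, whose "-perm /mode" matches if ANY bit of mode is set.

# Print every nohup.out under the tree given as $1 that is exposed to
# group or other (rwx bits 077).
find_permissive_nohup() {
    find "$1" -type f -name nohup.out -perm /077 2>/dev/null
}

# Number of exposed files; "0" means nothing under the tree is readable
# by other users through this bug.
count_permissive_nohup() {
    find_permissive_nohup "$1" | wc -l | tr -d ' '
}

# Restrict every exposed nohup.out to 0600, the mode GNU coreutils uses.
# This fixes files that already exist; new files still depend on umask.
fix_permissive_nohup() {
    find "$1" -type f -name nohup.out -perm /077 -exec chmod 600 {} + 2>/dev/null
}

# Demonstration on a constructed scratch tree; no real users' files are touched.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/alice" "$tmp/bob"
    # alice ran nohup under the common default umask 022: 0666 & ~022 = 0644.
    (umask 022; : > "$tmp/alice/nohup.out")
    # bob set umask 077 first, as the mitigation suggests: 0666 & ~077 = 0600.
    (umask 077; : > "$tmp/bob/nohup.out")

    echo "exposed before fix: $(count_permissive_nohup "$tmp")"
    find_permissive_nohup "$tmp" | while read -r f; do ls -l "$f"; done
    fix_permissive_nohup "$tmp"
    echo "exposed after fix:  $(count_permissive_nohup "$tmp")"
    rm -rf "$tmp"
}

demo
```

Tightening existing files does not change how the affected nohup creates the next one, so pair it with the umask setting or with an updated uutils build.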


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability causes the nohup utility to create output files with world-readable permissions, potentially exposing sensitive information to unauthorized users in multi-user environments.

This exposure of sensitive data could lead to non-compliance with data protection standards and regulations such as GDPR and HIPAA, which require strict controls on access to personal and sensitive information.

By allowing other users to read command output that may contain sensitive data, the vulnerability increases the risk of unauthorized data disclosure, which is contrary to the confidentiality requirements mandated by these regulations.

