{"vulnerability": "CVE-2026-3536", "sightings": [{"uuid": "93c681f3-5450-4eaf-b407-d00bed06393f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3536", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mgb2ttyg7u2o", "content": "", "creation_timestamp": "2026-03-04T19:55:29.027595Z"}, {"uuid": "27bf9d3a-afe3-4e57-be8b-7fdd32f48462", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3536", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mgf73yayvk27", "content": "", "creation_timestamp": "2026-03-06T11:22:19.375142Z"}, {"uuid": "969214c8-0ddd-4a73-ab4a-20207e66a453", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3536", "type": "seen", "source": "https://www.thezdi.com/blog/2026/3/10/the-march-2026-security-update-review", "content": "", "creation_timestamp": "2026-03-10T16:57:37.000000Z"}, {"uuid": "c67f83ab-eb2d-405b-8908-bfd4a29a4dca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3536", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3mgelmxrezs2x", "content": "", "creation_timestamp": "2026-03-06T05:33:55.586037Z"}, {"uuid": "d8ac689e-d7cf-4403-b23a-f77761376103", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3536", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116174141918691451", "content": "", "creation_timestamp": "2026-03-05T02:12:06.527815Z"}, {"uuid": "97471ddb-36f4-47de-a115-4a06960d3e7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3536", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mgcycra7ak26", "content": "", "creation_timestamp": "2026-03-05T14:15:27.581081Z"}, {"uuid": "7cb62629-5be0-446d-8ef1-28b0f1c79b28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-3536", "type": "seen", "source": "https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+March+2026/32782", "content": "", "creation_timestamp": "2026-03-11T03:00:16.000000Z"}, {"uuid": "94184201-c6b2-4db7-92f2-7709165bcc0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-3536", "type": "seen", "source": "https://isc.sans.edu/diary/rss/32782", "content": "", "creation_timestamp": "2026-03-11T03:00:20.000000Z"}, {"uuid": "260315f5-3bfc-4698-96dc-2daca9f314c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-3536", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0253/", "content": "", "creation_timestamp": "2026-03-09T00:00:00.000000Z"}, {"uuid": "1a356fea-e3c8-4255-9917-a89497682d90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-3536", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities_20260309", "content": "", "creation_timestamp": "2026-03-09T01:00:00.000000Z"}, {"uuid": "bc839fe6-e87e-4099-a9d7-a7dac2cb0b02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35368", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mk46smokds2l", "content": "", "creation_timestamp": "2026-04-22T19:03:51.862227Z"}, {"uuid": "0ab99b46-7542-41db-8957-58e55539a69d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35368", "type": "seen", "source": "Telegram/y1XO5mBm2flLcrjS5YpFLtlumq47M984z8tJCHS_wnxFgvg", "content": "", "creation_timestamp": "2026-04-22T19:23:16.000000Z"}, {"uuid": "fdae0f62-dcd5-4480-a0e7-be1735a11148", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35368", "type": "seen", "source": "https://bsky.app/profile/daveandersen.bsky.social/post/3mknki6zzwc2z", "content": "These are _mostly_ bugs that an experienced developer of these kinds of utilities would have avoided (uutils was not written by unix-tool-expert developers), but some are more subtle, like CVE-2026-35368 involving a shared library open.\n\nBut it's a well-written post that's worth reading.", "creation_timestamp": "2026-04-29T16:48:02.238924Z"}, {"uuid": "889ba27c-0e04-466e-aeca-1aca8a819816", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35368", "type": "seen", "source": "https://bsky.app/profile/daveandersen.bsky.social/post/3mknki6hnzs2z", "content": "These are _mostly_ bugs that an experienced developer of these kinds of utilities would have avoided (uutils was not written by unix-tool-expert developers), but some are more subtle, like CVE-2026-35368 involving a shared library open.\n\nBut it's a well-written post that's worth reading.", "creation_timestamp": "2026-04-29T16:48:01.705177Z"}, {"uuid": "b58a3fec-fe89-4cac-8933-1e635175299e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35366", "type": "seen", "source": "https://gist.github.com/alon710/07d450ac5289edebf7f986d4d73c3cf2", "content": "# CVE-2026-35366: CVE-2026-35366: Security Inspection Bypass in uutils coreutils printenv via non-UTF-8 Environment Variables\n\n&gt; **CVSS Score:** 4.4\n&gt; **Published:** 2026-07-06\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-35366\n\n## Summary\nA security inspection bypass vulnerability exists in the printenv utility of uutils coreutils (a Rust-based implementation of GNU coreutils) prior to version 0.6.0. Due to a semantic mismatch between POSIX environment variable specifications and Rust's strict UTF-8 validation rules, environment variables containing invalid UTF-8 byte sequences are silently omitted from printenv outputs. This allows local attackers to load and execute adversarial environment variables while remaining undetected by system administrators and automated security auditing tools.\n\n## TL;DR\nPrior to version 0.6.0, the Rust implementation of printenv silently filters out environment variables that contain invalid UTF-8 byte sequences, allowing attackers to hide malicious environmental settings from security audits.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-754\n- **Attack Vector**: Local\n- **CVSS v3.1 Score**: 4.4\n- **EPSS Score**: 0.0017 (0.17%)\n- **Impact**: Defense Evasion / Inspection Bypass\n- **Exploit Status**: Proof-of-Concept Available\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- POSIX-compliant systems using uutils coreutils printenv prior to version 0.6.0\n- Security auditing tools relying on uutils coreutils printenv outputs\n- **coreutils**: &lt; 0.6.0 (Fixed in: `0.6.0`)\n\n## Mitigation\n\n- Upgrade uutils coreutils to version 0.6.0 or later.\n- Audit active process environment blocks using kernel-level interfaces like /proc instead of vulnerable utilities.\n- Avoid using standard Rust String types for handling operating system environment interfaces in system utilities.\n\n**Remediation Steps:**\n1. Locate systems running uutils coreutils.\n2. Update the package to version 0.6.0 or later using the appropriate system package manager or Cargo.\n3. For temporary auditing, use 'cat /proc//environ | tr \"\\0\" \"\\n\"' to securely examine environments in a raw byte format.\n\n## References\n\n- [uutils coreutils Issue #9701: printenv skips environment variables with invalid UTF-8](https://github.com/uutils/coreutils/issues/9701)\n- [uutils coreutils Release 0.6.0](https://github.com/uutils/coreutils/releases/tag/0.6.0)\n- [CVE-2026-35366 Record](https://www.cve.org/CVERecord?id=CVE-2026-35366)\n- [NVD Advisory for CVE-2026-35366](https://nvd.nist.gov/vuln/detail/CVE-2026-35366)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-35366) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-06T21:12:12.324972Z"}, {"uuid": "4b748536-623b-4b46-b79d-d8bddcdf2983", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35361", "type": "seen", "source": "https://gist.github.com/alon710/6c1cffea0af70b2d894e0c1c7fb89b36", "content": "# CVE-2026-35361: CVE-2026-35361: Security Permission Bypass via Improper File Cleanup in uutils coreutils mknod\n\n&gt; **CVSS Score:** 3.4\n&gt; **Published:** 2026-07-06\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-35361\n\n## Summary\nA security permission bypass vulnerability exists in the mknod utility of uutils coreutils on Linux systems utilizing SELinux. The utility fails to atomically assign SELinux security contexts during special file creation. When assignment fails, the program attempts cleanup using an incorrect file system API, which fails silently. This leaves mislabeled, orphaned special files on disk with potentially weaker default inherited permissions.\n\n## TL;DR\nThe mknod utility in uutils coreutils fails to clean up orphaned special files when SELinux labeling fails because it incorrectly attempts to delete them using rmdir instead of unlink. This leaves mislabeled device nodes or FIFOs on disk under default permissions, bypassing mandatory access controls.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-281, CWE-459\n- **Attack Vector**: Local\n- **CVSS Score**: 3.4\n- **EPSS Score**: 0.00142 (0.142%)\n- **Exploit Status**: Proof of Concept\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- Linux systems utilizing SELinux where uutils coreutils mknod is installed\n- **uutils coreutils**: &lt; 0.6.0 (Fixed in: `0.6.0`)\n\n## Mitigation\n\n- Upgrade to uutils coreutils version 0.6.0 or later to ensure proper cleanup of orphaned special files.\n- Validate that newly created nodes do not exist on the filesystem if a mknod command fails when setting a custom context.\n- Implement automated filesystem integrity and security context audits on sensitive device directories.\n\n**Remediation Steps:**\n1. Identify installations of uutils coreutils older than version 0.6.0.\n2. Apply the update to version 0.6.0 or newer via the system package manager or Cargo compile.\n3. Deploy the configuration changes to active auditing tools (such as Auditd) to monitor for failed cleanup attempts.\n4. Verify the installation by running the validation test script to confirm proper cleanup of invalid contexts.\n\n## References\n\n- [GitHub Pull Request #10582](https://github.com/uutils/coreutils/pull/10582)\n- [GitHub Fix Commit](https://github.com/uutils/coreutils/commit/42b2ad83cdcf6e959ecb378c5040c60d9c64becf)\n- [uutils coreutils 0.6.0 Release Notes](https://github.com/uutils/coreutils/releases/tag/0.6.0)\n- [CVE Record for CVE-2026-35361](https://www.cve.org/CVERecord?id=CVE-2026-35361)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-35361) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-06T23:11:39.098159Z"}, {"uuid": "824a4425-006f-43c8-a743-b3ec0341932c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35361", "type": "seen", "source": "https://gist.github.com/alon710/6c1cffea0af70b2d894e0c1c7fb89b36", "content": "# CVE-2026-35361: CVE-2026-35361: Security Permission Bypass via Improper File Cleanup in uutils coreutils mknod\n\n&gt; **CVSS Score:** 3.4\n&gt; **Published:** 2026-07-06\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-35361\n\n## Summary\nA security permission bypass vulnerability exists in the mknod utility of uutils coreutils on Linux systems utilizing SELinux. The utility fails to atomically assign SELinux security contexts during special file creation. When assignment fails, the program attempts cleanup using an incorrect file system API, which fails silently. This leaves mislabeled, orphaned special files on disk with potentially weaker default inherited permissions.\n\n## TL;DR\nThe mknod utility in uutils coreutils fails to clean up orphaned special files when SELinux labeling fails because it incorrectly attempts to delete them using rmdir instead of unlink. This leaves mislabeled device nodes or FIFOs on disk under default permissions, bypassing mandatory access controls.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-281, CWE-459\n- **Attack Vector**: Local\n- **CVSS Score**: 3.4\n- **EPSS Score**: 0.00142 (0.142%)\n- **Exploit Status**: Proof of Concept\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- Linux systems utilizing SELinux where uutils coreutils mknod is installed\n- **uutils coreutils**: &lt; 0.6.0 (Fixed in: `0.6.0`)\n\n## Mitigation\n\n- Upgrade to uutils coreutils version 0.6.0 or later to ensure proper cleanup of orphaned special files.\n- Validate that newly created nodes do not exist on the filesystem if a mknod command fails when setting a custom context.\n- Implement automated filesystem integrity and security context audits on sensitive device directories.\n\n**Remediation Steps:**\n1. Identify installations of uutils coreutils older than version 0.6.0.\n2. Apply the update to version 0.6.0 or newer via the system package manager or Cargo compile.\n3. Deploy the configuration changes to active auditing tools (such as Auditd) to monitor for failed cleanup attempts.\n4. Verify the installation by running the validation test script to confirm proper cleanup of invalid contexts.\n\n## References\n\n- [GitHub Pull Request #10582](https://github.com/uutils/coreutils/pull/10582)\n- [GitHub Fix Commit](https://github.com/uutils/coreutils/commit/42b2ad83cdcf6e959ecb378c5040c60d9c64becf)\n- [uutils coreutils 0.6.0 Release Notes](https://github.com/uutils/coreutils/releases/tag/0.6.0)\n- [CVE Record for CVE-2026-35361](https://www.cve.org/CVERecord?id=CVE-2026-35361)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-35361) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-07T00:00:03.084339Z"}]}