DEV Community

Cover image for Root Privilege Escalation and Container Escape Flaw Discovered in Coreutils
BeyondMachines for BeyondMachines

Posted on • Originally published at beyondmachines.net

Root Privilege Escalation and Container Escape Flaw Discovered in Coreutils

Summary

A high-severity vulnerability (CVE-2026-35368) in the uutils coreutils chroot utility allows attackers to execute arbitrary code as root and escape containers. The flaw occurs when the utility loads untrusted libraries from a new root directory before dropping system privileges.

Take Action:

Update your Rust-based coreutils to version 0.8.0 immediately to prevent attackers from gaining root access through the chroot command. If you can't patch right away, stop using the --userspec flag on any directory that an untrusted user can edit.


Read the full article on BeyondMachines


This article was originally published on BeyondMachines

Top comments (0)