Vulnerability Details CVE-2026-35343
The cut utility in uutils coreutils incorrectly handles the -s (only-delimited) option when a newline character is specified as the delimiter. The implementation fails to verify the only_delimited flag in the cut_fields_newline_char_delim function, causing the utility to print non-delimited lines that should have been suppressed. This can lead to unexpected data being passed to downstream scripts that rely on strict output filtering.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.6%
CVSS Severity
CVSS v3 Score 3.3