HomeCVE Intelligence › CVE-2026-35338
CVSS 7.3 HIGH Vulnerability

CVE-2026-35338: chmod: --preserve-root bypassed by any path that resolves to root (e.g. /../)

Chmoder::chmod() only compares the literal argument against Path::new("/"), so the --preserve-root guard is bypassed by any path that *resolvesto root — a symlink to / or simply /../. `` if self.recursive && self.preser…

7.3CVSS Score
HIGHSeverity
NOCISA KEV
VulnerabilityImpact Type

📋 Vulnerability Details

CVE IDCVE-2026-35338
Vendorrust
Affected Productuu_chmod
Vulnerability TypeVulnerability
CVSS Score7.3 (HIGH)
Actively Exploited❌ No known exploitation
Patch StatusSee Vendor Advisory →
Reported ByCYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

Chmoder::chmod() only compares the literal argument against Path::new("/"), so the --preserve-root guard is bypassed by any path that *resolves* to root — a symlink to / or simply /../. `` if self.recursive && self.preserve_root && file == Path::new("/") { return Err(ChmodError::PreserveRoot("/".to_string()).into()); } ` PoC — recursively chmods the entire filesystem to 000 despite --preserve-root: ` chmod -R --preserve-root 000 /../ -v ` Impact: --preserve-root is the documented safeguard against destructive recursive operations on /. Bypassing it allows chmod -R` to alter permissions across the whole filesystem, causing a complete system breakdown. Recommendation: canonicalize the target path before comparing against root. Remediation: Acknowledged b

📚 Advisory References

⚡ DETECTION RULES AVAILABLE

Get CVE-2026-35338 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries
🛡️ Get Detection Pack → 🔌 Access via API →

🔗 Related Intelligence