CVE-2026-35535

Summary

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.

Affected Software

VendorProductVersion RangeStatus
Sudo projectSudo0 < 3e474c2f201484be83d994ae10a4e20e8c81bb69affected

Weaknesses

  • CWE-271: CWE-271 Privilege Dropping / Lowering Errors

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

Additional References

CVE Program Container

Additional References

sudo: Sudo: Privilege escalation due to failure in privilege drop calls

Additional References

References