{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35535", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-04-03T02:21:32.829Z", "datePublished": "2026-04-03T02:21:33.584Z", "dateUpdated": "2026-04-04T03:55:19.379Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Sudo", "vendor": "Sudo project", "versions": [{"lessThan": "3e474c2f201484be83d994ae10a4e20e8c81bb69", "status": "affected", "version": "0", "versionType": "git"}]}], "descriptions": [{"lang": "en", "value": "In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-271", "description": "CWE-271 Privilege Dropping / Lowering Errors", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-03T02:21:33.584Z"}, "references": [{"url": "https://github.com/sudo-project/sudo/commit/3e474c2f201484be83d994ae10a4e20e8c81bb69"}, {"url": "https://www.qualys.com/2026/03/10/crack-armor.txt"}, {"url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2143042"}, {"url": "https://bugs.debian.org/1130593"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-03T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-35535"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-04T03:55:19.379Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35535", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-03T13:14:52.302723Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T13:14:56.484Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Sudo project", "product": "Sudo", "versions": [{"status": "affected", "version": "0", "lessThan": "3e474c2f201484be83d994ae10a4e20e8c81bb69", "versionType": "git"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/sudo-project/sudo/commit/3e474c2f201484be83d994ae10a4e20e8c81bb69"}, {"url": "https://www.qualys.com/2026/03/10/crack-armor.txt"}, {"url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2143042"}, {"url": "https://bugs.debian.org/1130593"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-271", "description": "CWE-271 Privilege Dropping / Lowering Errors"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-03T02:21:33.584Z"}}}, "cveMetadata": {"cveId": "CVE-2026-35535", "state": "PUBLISHED", "dateUpdated": "2026-04-04T03:55:19.379Z", "dateReserved": "2026-04-03T02:21:32.829Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-03T02:21:33.584Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation."}], "id": "CVE-2026-35535", "lastModified": "2026-04-03T16:10:23.730", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 5.9, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2026-04-03T03:16:18.233", "references": [{"source": "cve@mitre.org", "url": "https://bugs.debian.org/1130593"}, {"source": "cve@mitre.org", "url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2143042"}, {"source": "cve@mitre.org", "url": "https://github.com/sudo-project/sudo/commit/3e474c2f201484be83d994ae10a4e20e8c81bb69"}, {"source": "cve@mitre.org", "url": "https://www.qualys.com/2026/03/10/crack-armor.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-271"}], "source": "cve@mitre.org", "type": "Primary"}]}

{"bugzilla": {"description": "sudo: Sudo: Privilege escalation due to failure in privilege drop calls", "id": "2454714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454714"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-272", "details": ["A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system."], "name": "CVE-2026-35535", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-04-03T02:21:33Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-35535\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-35535\nhttps://bugs.debian.org/1130593\nhttps://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2143042\nhttps://github.com/sudo-project/sudo/commit/3e474c2f201484be83d994ae10a4e20e8c81bb69\nhttps://www.qualys.com/2026/03/10/crack-armor.txt"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,3e474c2f201484be83d994ae10a4e20e8c81bb69)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Sudo", "source": "cna", "vendor": "Sudo project"}, "product": "sudo", "vendor": "sudo_project"}], "analysis": {"en": {"generated_at": "2026-04-03T05:20:26.797022+00:00", "value": {"mitigation_remediation": ["Verify the installed Sudo version; ensure it is newer than 1.9.17p2 or that the 3e474c2 patch has been applied.", "Upgrade to the latest Sudo release that includes the security fix, or apply the patch directly to the source and rebuild the package.", "After upgrading, test that the privilege drop behavior functions correctly and that the setuid/setgid calls do not succeed when the flag is not intended."], "summary": {"action": "Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The Sudo project\u2019s Sudo utility is affected, specifically versions that were released before the commit identified as 3e474c2. This includes all Sudo releases up through 1.9.17p2 that have not integrated the patch. Systems running older or unpatched Sudo instances are therefore vulnerable, regardless of the operating system distribution.", "description_and_impact": "A failure of a setuid, setgid, or setgroups call during a privilege drop before Sudo runs its mailer is incorrectly treated as non\u2011fatal, allowing the program to continue with elevated privileges. This flaw exposes a risk that an attacker can gain higher privileges than intended, potentially writing files or executing commands as a privileged user. The weakness corresponds to CWE\u2011271, unauthorized modification of system or user permissions.", "risk_and_exploitability": "The vulnerability scores a CVSS 7.4, indicating moderate to high severity, though no EPSS value is available and it is not presently listed in the CISA KEV catalog. Attackers would need local or indirect access to execute the vulnerable Sudo binary to leverage the flaw, making it a local privilege escalation scenario. Without the patch, the flaw remains exploitable and could allow an attacker to increase privileges within the local system."}}}}, "created": "2026-04-03T07:31:12.665352+00:00", "title": "Privilege Escalation via Non\u2011fatal Group Privilege Drop in Sudo", "updated": "2026-04-03T09:16:00.260925+00:00", "vendors": ["sudo_project", "sudo_project$PRODUCT$sudo"]}