CVE-2026-35535
EUVD-2026-1857103.04.2026, 03:16
In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| sudo_project | sudo | 𝑥 < 1.9.17 |
| sudo_project | sudo | 1.9.17 |
| sudo_project | sudo | 1.9.17:p1 |
| sudo_project | sudo | 1.9.17:p2 |
| siemens | sinec_os | 𝑥 < 4.0 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| Siemens | RUGGEDCOM RST2428P | 𝑥 < V4.0 | ADP |
Debian Releases
openSUSE / SLES Releases
Red Hat Enterprise Linux Releases
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| sudo |
| ||
| sudo-debuginfo |
| ||
| sudo-debugsource |
| ||
| sudo-devel |
| ||
| sudo-logsrvd |
| ||
| sudo-logsrvd-debuginfo |
| ||
| sudo-python-plugin |
| ||
| sudo-python-plugin-debuginfo |
|
Common Weakness Enumeration
- CWE-271 - Privilege Dropping / Lowering ErrorsThe software does not drop privileges before passing control of a resource to an actor that does not have those privileges.
- CWE-272 - Least Privilege ViolationThe elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.
References