CVE-2026-35535

Published: Apr 03, 2026 Last Modified: Apr 03, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,4

Source: [email protected]

Attack Vector: local

Attack Complexity: high

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.

271

Privilege Dropping / Lowering Errors

Incomplete

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Non-Repudiation

Potential Impacts:

Gain Privileges Or Assume Identity Hide Activities

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: High

View CWE Details

https://bugs.debian.org/1130593

https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2143042

https://github.com/sudo-project/sudo/commit/3e474c2f201484b…

https://github.com/sudo-project/sudo/commit/3e474c2f201484be83d994ae10a4e20e8c8…

https://www.qualys.com/2026/03/10/crack-armor.txt

CVE-2026-35535

Description

Privilege Dropping / Lowering Errors

Common Consequences

Applicable Platforms

Iscriviti alla newsletter