
Sudo: Privilege Escalation from Setuid/setgid/setgroups Failure

CVE-2026-35535
Summary

Sudo does not treat a failed setuid, setgid, or setgroups call as a fatal error when it drops privileges before running the mailer, which can lead to privilege escalation. This affects systems running Sudo through 1.9.17p2 before 3e474c2. To protect your system, update to a patched version of Sudo.

Original title and description
In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.
NVD CVSS 3.1 score: 7.4
Vulnerability type
CWE-271
Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026
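
The failure mode described above, as an added example (not Sudo's code and not the change in 3e474c2): a privilege drop that discards the results of setgroups, setgid and setuid, next to one that treats any failure as fatal. The `priv_ops` struct, the stub functions and `would_run_helper` are hypothetical names, used so that a failing call can be simulated without root.

```c
#include <stdio.h>
#include <sys/types.h>

/* ID-changing calls go through pointers so a failure can be simulated
 * without root. Hypothetical harness; this is not Sudo's code layout. */
struct priv_ops {
    int (*setgroups)(size_t, const gid_t *);
    int (*setgid)(gid_t);
    int (*setuid)(uid_t);
};

/* Constructed stubs: group calls succeed, setuid() can be made to fail. */
int ok_setgroups(size_t n, const gid_t *l) { (void)n; (void)l; return 0; }
int ok_setgid(gid_t g) { (void)g; return 0; }
int ok_setuid(uid_t u) { (void)u; return 0; }
int fail_setuid(uid_t u) { (void)u; return -1; }

/* Flawed pattern: results are discarded, so the drop always "succeeds". */
int drop_unchecked(const struct priv_ops *o, uid_t uid, gid_t gid)
{
    (void)o->setgroups(1, &gid);
    (void)o->setgid(gid);
    (void)o->setuid(uid);
    return 0;
}

/* Hardened pattern: groups, then gid, then uid; any failure is fatal. */
int drop_checked(const struct priv_ops *o, uid_t uid, gid_t gid)
{
    if (o->setgroups(1, &gid) != 0) return -1;
    if (o->setgid(gid) != 0) return -1;
    if (o->setuid(uid) != 0) return -1;
    return 0;
}

/* 1 = helper would be executed, 0 = run aborted before exec. */
int would_run_helper(int (*drop)(const struct priv_ops *, uid_t, gid_t),
                     const struct priv_ops *o, uid_t uid, gid_t gid)
{
    return drop(o, uid, gid) == 0;
}

int main(void)
{
    struct priv_ops bad = { ok_setgroups, ok_setgid, fail_setuid };
    printf("unchecked: %d\n", would_run_helper(drop_unchecked, &bad, 1000, 1000));
    printf("checked:   %d\n", would_run_helper(drop_checked, &bad, 1000, 1000));
    return 0;
}
```

In real code the caller of the checked variant would call `_exit()` in the child on a non-zero return instead of continuing to the exec.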