7.4
Sudo Privilege Escalation Through Privilege Drop Failure
DEBIAN-CVE-2026-35535
Summary
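A weakness in Sudo's privilege management could allow an attacker to gain extra permissions: when a setuid, setgid, or setgroups call fails during the privilege drop before running the mailer, Sudo does not treat the failure as fatal. This issue affects Sudo through 1.9.17p2 before 3e474c2. To mitigate this risk, update Sudo to the latest version.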
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| debian | sudo | All versions | – |
Original title
In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.
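The failure mode described above, shown as an added example that is not Sudo's code: one routine ignores the result of the privilege-drop calls before running a helper, the other treats any failure as fatal. The names `priv_ops`, `failing_ops`, `mail_unchecked` and `mail_checked` are hypothetical, and the failing setuid is constructed so the error path runs without root.

```c
#define _DEFAULT_SOURCE            /* exposes setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical indirection so the failure path can be tested without root. */
struct priv_ops {
    int (*set_groups)(const gid_t *only_group);
    int (*set_gid)(gid_t);
    int (*set_uid)(uid_t);
};

static int real_setgroups(const gid_t *g) { return setgroups(1, g); }
const struct priv_ops real_ops = { real_setgroups, setgid, setuid };

/* Constructed failure: group calls succeed, setuid() fails (e.g. EAGAIN). */
static int ok_groups(const gid_t *g) { (void)g; return 0; }
static int ok_gid(gid_t g) { (void)g; return 0; }
static int fail_uid(uid_t u) { (void)u; return -1; }
const struct priv_ops failing_ops = { ok_groups, ok_gid, fail_uid };

int mailer_runs = 0;                       /* stands in for exec'ing the mailer */
static void run_mailer(void) { mailer_runs++; }

/* Flawed pattern: return values ignored, mailer runs with whatever IDs remain. */
int mail_unchecked(const struct priv_ops *p, uid_t uid, gid_t gid)
{
    p->set_groups(&gid);
    p->set_gid(gid);
    p->set_uid(uid);
    run_mailer();
    return 0;
}

/* Hardened pattern: groups, then gid, then uid; any failure is fatal. */
int mail_checked(const struct priv_ops *p, uid_t uid, gid_t gid)
{
    if (p->set_groups(&gid) != 0 || p->set_gid(gid) != 0 || p->set_uid(uid) != 0)
        return -1;                         /* caller must abort, not continue */
    run_mailer();
    return 0;
}

int main(void)
{
    printf("unchecked: rc=%d\n", mail_unchecked(&failing_ops, 1000, 1000));
    printf("checked: rc=%d runs=%d\n", mail_checked(&failing_ops, 1000, 1000), mailer_runs);
    return 0;
}
```

With `failing_ops`, the unchecked routine still runs the helper once, while the checked routine returns -1 and leaves the counter unchanged.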
- https://security-tracker.debian.org/tracker/CVE-2026-35535 Vendor Advisory
Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026