CVE-2026-35535
Modified Modified - Updated After Analysis

Privilege Escalation in Sudo via Non-Fatal Privilege Drop Failure

Vulnerability report for CVE-2026-35535, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-03

Last updated on: 2026-07-02

Assigner: MITRE

Description

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-03
Last Modified
2026-07-02
Generated
2026-07-09
AI Q&A
2026-04-03
EPSS Evaluated
2026-07-08
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
siemens sinec_os to 4.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-272 The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.
CWE-271 The product does not drop privileges before passing control of a resource to an actor that does not have those privileges.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the sudo program versions through 1.9.17p2 before a specific patch (commit 3e474c2). It occurs because when sudo tries to drop privileges before running its mailer process, failures in system calls that set user ID (setuid), group ID (setgid), or supplementary groups (setgroups) are not treated as fatal errors. This means that if these calls fail, the mailer may still run with elevated privileges, potentially allowing an attacker to escalate their privileges on the system.

The patch fixes this by ensuring that both user and group IDs are properly set and that any failure in these calls causes the process to exit immediately, preventing the mailer from running with incorrect privileges.

Impact Analysis

This vulnerability can lead to privilege escalation, where an unprivileged user might gain higher privileges than intended. Specifically, because the mailer process may run with incorrect or elevated privileges if the privilege dropping calls fail silently, an attacker could exploit this to execute code with elevated rights, compromising system security.

Such privilege escalation can allow unauthorized access to sensitive data, modification of system files, or execution of arbitrary commands with elevated privileges.

Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on a network or system.

Mitigation Strategies

To mitigate this vulnerability, update the sudo package to a version that includes the fix from commit 3e474c2 or later.

The fix ensures that failures in setuid(), setgid(), or setgroups() calls during the mailer execution are treated as fatal errors, preventing privilege escalation.

Ensure your sudo version is at least 1.9.17p2 with the patch applied or a later secure release.

Compliance Impact

The provided context and resources do not explicitly discuss the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-35535. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart