CVE-2026-35535
Modified Modified - Updated After Analysis
Privilege Escalation in Sudo via Non-Fatal Privilege Drop Failure

Publication date: 2026-04-03

Last updated on: 2026-06-04

Assigner: MITRE

Description
In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-03
Last Modified
2026-06-04
Generated
2026-06-19
AI Q&A
2026-04-03
EPSS Evaluated
2026-06-18
NVD
CVE-2026-35535
EUVD
EUVD-2026-18571
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
siemens sinec_os to 4.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-271 The product does not drop privileges before passing control of a resource to an actor that does not have those privileges.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the sudo program versions through 1.9.17p2 before a specific patch (commit 3e474c2). It occurs because when sudo tries to drop privileges before running its mailer process, failures in system calls that set user ID (setuid), group ID (setgid), or supplementary groups (setgroups) are not treated as fatal errors. This means that if these calls fail, the mailer may still run with elevated privileges, potentially allowing an attacker to escalate their privileges on the system.

The patch fixes this by ensuring that both user and group IDs are properly set and that any failure in these calls causes the process to exit immediately, preventing the mailer from running with incorrect privileges.

Compliance Impact

The provided context and resources do not explicitly discuss the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

This vulnerability can lead to privilege escalation, where an unprivileged user might gain higher privileges than intended. Specifically, because the mailer process may run with incorrect or elevated privileges if the privilege dropping calls fail silently, an attacker could exploit this to execute code with elevated rights, compromising system security.

Such privilege escalation can allow unauthorized access to sensitive data, modification of system files, or execution of arbitrary commands with elevated privileges.

Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on a network or system.

Mitigation Strategies

To mitigate this vulnerability, update the sudo package to a version that includes the fix from commit 3e474c2 or later.

The fix ensures that failures in setuid(), setgid(), or setgroups() calls during the mailer execution are treated as fatal errors, preventing privilege escalation.

Ensure your sudo version is at least 1.9.17p2 with the patch applied or a later secure release.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-35535. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart