Conditional Local Privilege Escalation in Himmelblau for Microsoft Azure
CVE-2026-34397

6.3 MEDIUM

Key Information:

CVE Published: 1 April 2026

What is CVE-2026-34397?

Specific versions of the Himmelblau Interoperability Suite for Microsoft Azure Entra ID and Intune contain a local privilege escalation vulnerability. It arises when an authenticated user's mapped Common Name (CN) matches the name of a privileged local group such as 'sudo' or 'docker'. Under certain conditions, the NSS module resolves such a group name to a false primary group, potentially allowing unauthorized users to gain elevated rights. The vulnerability affects Himmelblau versions 2.0.0-alpha through 2.3.9 and 3.0.0-alpha through 3.1.1, and has been fixed in later versions. Proper configuration of group names and strict access control are recommended to mitigate the risk.

Affected Version(s)

himmelblau >= 2.0.0-alpha, < 2.3.9

himmelblau >= 3.0.0-alpha, < 3.1.1

CVSS V3.1

Score: 6.3
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
