Privilege Escalation Vulnerability in Sudo from Sudo Project
CVE-2026-35535

7.4 HIGH

Key Information:

CVE Published: 3 April 2026

What is CVE-2026-35535?

In versions of Sudo prior to a critical patch, a flaw exists where the failure of a setuid, setgid, or setgroups call during a privilege drop is not treated as a fatal error. This oversight can potentially allow unauthorized users to escalate their privileges, compromising system security and integrity. It is vital for organizations using this software to assess their risk and apply appropriate updates.
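The flaw class described above, shown as an added C illustration (this is not code from Sudo or from its patch): one privilege-drop routine discards the results of the credential-changing calls, the other stops at the first failure so the caller can abort. The `id_ops` indirection, the stub functions and the id 65534 are constructed for the example so that a failing `setuid` can be simulated without root; in a real program the three pointers would be `setgroups`, `setgid` and `setuid`.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical indirection: stands in for setgroups(2), setgid(2), setuid(2). */
struct id_ops {
    int (*set_groups)(size_t, const gid_t *);
    int (*set_gid)(gid_t);
    int (*set_uid)(uid_t);
};

/* Constructed stubs: group calls succeed, the uid change fails with EAGAIN. */
static int ok_groups(size_t n, const gid_t *l) { (void)n; (void)l; return 0; }
static int ok_gid(gid_t g) { (void)g; return 0; }
static int fail_uid(uid_t u) { (void)u; errno = EAGAIN; return -1; }
static const struct id_ops failing_ops = { ok_groups, ok_gid, fail_uid };

/* Flawed pattern: results are discarded and the caller is told the drop
 * succeeded, so execution continues with the original credentials. */
int drop_unchecked(const struct id_ops *ops, uid_t uid, gid_t gid)
{
    (void)ops->set_groups(1, &gid);
    (void)ops->set_gid(gid);
    (void)ops->set_uid(uid);
    return 0;
}

/* Hardened pattern: supplementary groups, then gid, then uid. The first
 * failure ends the sequence and is reported to the caller. */
int drop_checked(const struct id_ops *ops, uid_t uid, gid_t gid)
{
    if (ops->set_groups(1, &gid) != 0) return -1;
    if (ops->set_gid(gid) != 0) return -1;
    if (ops->set_uid(uid) != 0) return -1;
    return 0;
}

int main(void)
{
    /* 65534 is a constructed target id for the simulation. */
    printf("unchecked drop returned %d\n",
           drop_unchecked(&failing_ops, 65534, 65534));
    if (drop_checked(&failing_ops, 65534, 65534) != 0)
        perror("checked drop failed; a real program must exit here");
    return 0;
}
```
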

Affected Version(s)

Sudo 0 < 3e474c2f201484be83d994ae10a4e20e8c81bb69

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved