CVE-2026-35535

Publish date: April 4, 2026
Severity: High
CVSS score: 7.4
Package: sudo
Affected versions: >= 1.9.16p2-2-e0, < 1.9.16p2-3+deb13u1+e1

In Sudo versions up to 1.9.17p2, specifically before commit 3e474c2, a failure in a setuid, setgid, or setgroups call during the privilege drop prior to executing the mailer is not treated as a fatal error. This situation can potentially lead to privilege escalation.
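
The bug class described above, shown as an added example that is not Sudo's code: a privilege drop that discards the return values of setgroups, setgid and setuid, next to one that treats any failure as fatal. The `id_ops` indirection, the function names, the stubs and the uid/gid value 1000 are assumptions made so that a failing call can be simulated without root.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical indirection over the real calls, so failure can be simulated. */
struct id_ops {
    int (*set_groups)(size_t n, const gid_t *list);
    int (*set_gid)(gid_t gid);
    int (*set_uid)(uid_t uid);
};

/* Flawed pattern: results are discarded, so the caller always proceeds. */
int drop_unchecked(const struct id_ops *ops, uid_t uid, gid_t gid) {
    (void)ops->set_groups(1, &gid);
    (void)ops->set_gid(gid);
    (void)ops->set_uid(uid);
    return 0; /* reports success even if the process is still privileged */
}

/* Hardened pattern: groups, then gid, then uid; any failure is fatal. */
int drop_checked(const struct id_ops *ops, uid_t uid, gid_t gid) {
    if (ops->set_groups(1, &gid) != 0) return -1;
    if (ops->set_gid(gid) != 0) return -1;
    if (ops->set_uid(uid) != 0) return -1;
    return 0;
}

/* Constructed stubs: every call succeeds, except a setuid that fails. */
static int ok_groups(size_t n, const gid_t *l) { (void)n; (void)l; return 0; }
static int ok_gid(gid_t g) { (void)g; return 0; }
static int ok_uid(uid_t u) { (void)u; return 0; }
static int fail_uid(uid_t u) { (void)u; errno = EAGAIN; return -1; }

const struct id_ops OPS_OK = { ok_groups, ok_gid, ok_uid };
const struct id_ops OPS_SETUID_FAILS = { ok_groups, ok_gid, fail_uid };

/* Returns 1 if the caller would go on to exec the helper, 0 if it aborts. */
int would_exec_helper(int (*drop)(const struct id_ops *, uid_t, gid_t),
                      const struct id_ops *ops) {
    return drop(ops, 1000, 1000) == 0; /* 1000: constructed unprivileged id */
}

int main(void) {
    printf("unchecked, setuid fails: exec=%d\n",
           would_exec_helper(drop_unchecked, &OPS_SETUID_FAILS));
    printf("checked,   setuid fails: exec=%d\n",
           would_exec_helper(drop_checked, &OPS_SETUID_FAILS));
    return 0;
}
```

In production code the checked variant calls the real setgroups, setgid and setuid, and the caller exits instead of executing the helper when it returns -1.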