{"id":"CVE-2026-35535","details":"In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.","modified":"2026-05-26T16:59:13.295462544Z","published":"2026-04-03T02:21:33.584Z","related":["ALSA-2026:10758","ALSA-2026:11521","ALSA-2026:12310","ALSA-2026:19067","ALSA-2026:19220","SUSE-SU-2026:1308-1","SUSE-SU-2026:1309-1","SUSE-SU-2026:1359-1","SUSE-SU-2026:21252-1","SUSE-SU-2026:21273-1","SUSE-SU-2026:21369-1","openSUSE-SU-2026:10510-1","openSUSE-SU-2026:20604-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"fixed":"3e474c2f201484be83d994ae10a4e20e8c81bb69"}],"source":"AFFECTED_FIELD"},{"extracted_events":[{"fixed":"3e474c2"}],"source":"DESCRIPTION"}],"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/35xxx/CVE-2026-35535.json","cwe_ids":["CWE-271"]},"references":[{"type":"WEB","url":"https://bugs.debian.org/1130593"},{"type":"WEB","url":"https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2143042"},{"type":"WEB","url":"https://www.qualys.com/2026/03/10/crack-armor.txt"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/35xxx/CVE-2026-35535.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35535"},{"type":"FIX","url":"https://github.com/sudo-project/sudo/commit/3e474c2f201484be83d994ae10a4e20e8c81bb69"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sudo-project/sudo","events":[{"introduced":"0"},{"fixed":"d1b48c651cec19fe37d1f0d3299d2283fb0f88e4"}]}],"versions":["v1.9.17p1","v1.9.17","v1.9.16p2","SUDO_1_9_16p2","v1.9.16p1","SUDO_1_9_16p1","v1.9.16","SUDO_1_9_16","v1.9.15p5","SUDO_1_9_15p5","v1.9.15p4","SUDO_1_9_15p4","v1.9.15p3","SUDO_1_9_15p3","v1.9.15p2","SUDO_1_9_15p2","v1.9.15p1","SUDO_1_9_15p1","v1.9.15","SUDO_1_9_15","v1.9.14p3","SUDO_1_9_14p3","v1.9.14p2","SUDO_1_9_14p2","v1.9.14p1","SUDO_1_9_14p1","v1.9.14","SUDO_1_9_14","v1.9.13p3","SUDO_1_9_13p3","v1.9.13p2","SUDO_1_9_13p2","v1.9.13p1","SUDO_1_9_13p1","v1.9.13","SUDO_1_9_13","v1.9.12p2","SUDO_1_9_12p2","v1.9.12p1","SUDO_1_9_12p1","v1.9.12","SUDO_1_9_12","v1.9.11p3","SUDO_1_9_11p3","v1.9.11p2","SUDO_1_9_11p2","v1.9.11p1","SUDO_1_9_11p1","v1.9.11","SUDO_1_9_11","v1.9.10","SUDO_1_9_10","v1.9.9","SUDO_1_9_9","v1.9.8p2","SUDO_1_9_8p2","v1.9.8p1","SUDO_1_9_8p1","v1.9.8","SUDO_1_9_8","v1.9.7p2","SUDO_1_9_7p2","v1.9.7p1","SUDO_1_9_7p1","v1.9.7","SUDO_1_9_7","v1.9.6p1","SUDO_1_9_6p1","v1.9.6","SUDO_1_9_6","v1.9.5p2","SUDO_1_9_5p2","v1.9.5p1","SUDO_1_9_5p1","v1.9.5","SUDO_1_9_5","v1.9.4p2","SUDO_1_9_4p2","v1.9.4p1","SUDO_1_9_4p1","v1.9.4","SUDO_1_9_4","v1.9.3p1","SUDO_1_9_3p1","v1.9.3","SUDO_1_9_3","v1.9.2","SUDO_1_9_2","v1.9.1","SUDO_1_9_1","v1.9.0","SUDO_1_9_0","v1.8.0","SUDO_1_8_0","v1.7.2","SUDO_1_7_2","v1.7.1","SUDO_1_7_1","v1.7.0","SUDO_1_7_0","v1.6.8p1","SUDO_1_6_8p1","v1.6.8","SUDO_1_6_8","v1.6.7","SUDO_1_6_7","v1.6.6","SUDO_1_6_6","v1.6.5","SUDO_1_6_5","v1.6.4","SUDO_1_6_4","v1.6.3","SUDO_1_6_3","v1.6.2","SUDO_1_6_2","v1.6.1","SUDO_1_6_1","v1.6.0","SUDO_1_6_0","v1.5.9","SUDO_1_5_9","v1.5.8","SUDO_1_5_8","v1.5.7","SUDO_1_5_7","v1.5.6","SUDO_1_5_6","v1.5.4","SUDO_1_5_4","v1.5.3","SUDO_1_5_3","v1.5.2","SUDO_1_5_2","v1.5.1","SUDO_1_5_1","v1.5.0","SUDO_1_5_0","v1.4.0","SUDO_1_4_0","v1.3.1","SUDO_1_3_1","v1.3.0","SUDO_1_3_0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-35535.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}