vulnerability

Oracle Linux: CVE-2026-35535: ELSA-2026-10758: sudo security update (IMPORTANT)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:M/Au:N/C:C/I:C/A:C)	Apr 3, 2026	Apr 29, 2026	Apr 29, 2026

Severity

CVSS

(AV:L/AC:M/Au:N/C:C/I:C/A:C)

Published

Apr 3, 2026

Added

Apr 29, 2026

Modified

Apr 29, 2026

Description

A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system.

Solutions

oracle-linux-upgrade-sudooracle-linux-upgrade-sudo-python-plugin

References

CVE-2026-35535
https://attackerkb.com/topics/CVE-2026-35535
ELSA-ELSA-2026-10758
CWE-271
EUVD-EUVD-2026-18571
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-18571

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report