Ubuntu: (CVE-2026-35535): sudo vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:M/Au:N/C:C/I:C/A:C) | Apr 6, 2026 | Apr 7, 2026 | Apr 7, 2026 |
Description
In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.
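A fail-closed privilege drop for the class of bug described above (CWE-271), as an added example that is not sudo's code or part of this advisory: each of the three calls is checked, and the helper never runs if any of them fails. The `drop_ops` indirection, `run_helper_as`, `simulate` and the stub functions are hypothetical names; the stubs stand in for the real calls so the failure path can be exercised without root.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical indirection; production code would fill it with setgroups, setgid, setuid. */
struct drop_ops {
    int (*set_groups)(size_t n, const gid_t *list);
    int (*set_gid)(gid_t gid);
    int (*set_uid)(uid_t uid);
};

/* Returns 0 only if every step succeeded; groups and gid go first, uid last. */
int drop_privileges(const struct drop_ops *ops, uid_t uid, gid_t gid)
{
    if (ops->set_groups(1, &gid) != 0) { perror("setgroups"); return -1; }
    if (ops->set_gid(gid) != 0)        { perror("setgid");    return -1; }
    if (ops->set_uid(uid) != 0)        { perror("setuid");    return -1; }
    return 0;
}

/* Fail closed: the helper (a mailer, say) runs only after a successful drop. */
int run_helper_as(const struct drop_ops *ops, uid_t uid, gid_t gid, int (*helper)(void))
{
    if (drop_privileges(ops, uid, gid) != 0)
        return -1;
    return helper();
}

/* Constructed stubs: stand in for the real calls so this runs without root. */
static int helper_runs;
static int helper(void) { helper_runs++; return 0; }
static int ok_groups(size_t n, const gid_t *l) { (void)n; (void)l; return 0; }
static int ok_gid(gid_t g) { (void)g; return 0; }
static int ok_uid(uid_t u) { (void)u; return 0; }
static int fail_gid(gid_t g) { (void)g; errno = EPERM; return -1; }

/* Returns how many times the helper ran; gid_fails selects a failing setgid stub. */
int simulate(int gid_fails)
{
    struct drop_ops ops = { ok_groups, gid_fails ? fail_gid : ok_gid, ok_uid };
    helper_runs = 0;
    run_helper_as(&ops, 1000, 1000, helper);   /* 1000 is a constructed uid/gid */
    return helper_runs;
}

int main(void)
{
    printf("helper runs: setgid fails=%d, setgid ok=%d\n", simulate(1), simulate(0));
    return 0;
}
```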
Solution
ubuntu-upgrade-sudo
References
- CVE-2026-35535
- https://attackerkb.com/topics/CVE-2026-35535
- CWE-271
- EUVD-EUVD-2026-18571
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-18571
- https://github.com/sudo-project/sudo/commit/3e474c2f201484be83d994ae10a4e20e8c81bb69
- https://ubuntu.com/blog/apparmor-vulnerability-fixes-available
- https://ubuntu.com/security/notices/USN-8092-1
- https://ubuntu.com/security/vulnerabilities/crackarmor
- https://www.cve.org/CVERecord?id=CVE-2026-35535
- https://www.qualys.com/2026/03/10/crack-armor.txt