{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35535", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-04-03T02:21:32.829Z", "datePublished": "2026-04-03T02:21:33.584Z", "dateUpdated": "2026-06-02T13:01:15.329Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Sudo", "vendor": "Sudo project", "versions": [{"lessThan": "3e474c2f201484be83d994ae10a4e20e8c81bb69", "status": "affected", "version": "0", "versionType": "git"}]}], "descriptions": [{"lang": "en", "value": "In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-271", "description": "CWE-271 Privilege Dropping / Lowering Errors", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-03T02:21:33.584Z"}, "references": [{"url": "https://github.com/sudo-project/sudo/commit/3e474c2f201484be83d994ae10a4e20e8c81bb69"}, {"url": "https://www.qualys.com/2026/03/10/crack-armor.txt"}, {"url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2143042"}, {"url": "https://bugs.debian.org/1130593"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-03T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-35535"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-04T03:55:19.379Z"}}, {"x_adpType": "supplier", "providerMetadata": {"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "shortName": "siemens-SADP", "dateUpdated": "2026-06-02T13:01:15.329Z"}, "affected": [{"vendor": "Siemens", "product": "RUGGEDCOM RST2428P", "versions": [{"status": "affected", "version": "0", "lessThan": "V4.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"affected": [{"vendor": "Siemens", "product": "RUGGEDCOM RST2428P", "versions": [{"status": "affected", "version": "0", "lessThan": "V4.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "x_adpType": "supplier", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"}], "providerMetadata": {"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "shortName": "siemens-SADP", "dateUpdated": "2026-06-02T13:01:15.329Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35535", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-03T13:14:52.302723Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T13:14:56.484Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Sudo project", "product": "Sudo", "versions": [{"status": "affected", "version": "0", "lessThan": "3e474c2f201484be83d994ae10a4e20e8c81bb69", "versionType": "git"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/sudo-project/sudo/commit/3e474c2f201484be83d994ae10a4e20e8c81bb69"}, {"url": "https://www.qualys.com/2026/03/10/crack-armor.txt"}, {"url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2143042"}, {"url": "https://bugs.debian.org/1130593"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-271", "description": "CWE-271 Privilege Dropping / Lowering Errors"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-03T02:21:33.584Z"}}}, "cveMetadata": {"cveId": "CVE-2026-35535", "state": "PUBLISHED", "dateUpdated": "2026-06-02T13:01:15.329Z", "dateReserved": "2026-04-03T02:21:32.829Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-03T02:21:33.584Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*", "matchCriteriaId": "F87EA85C-7218-4B4A-BEDD-3E659E0F1844", "versionEndExcluding": "1.9.17", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.9.17:-:*:*:*:*:*:*", "matchCriteriaId": "B563C690-EE9A-437C-9410-54209F82F827", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.9.17:p1:*:*:*:*:*:*", "matchCriteriaId": "85195641-E25B-4CC6-8AB1-A04B9FAC151D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.9.17:p2:*:*:*:*:*:*", "matchCriteriaId": "F6C77AD7-701D-4FE9-A473-259C05EA0C96", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sinec_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "C82988C9-17E0-46E9-9C58-23CD403ECC29", "versionEndExcluding": "4.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:ruggedcom_rst2428p:-:*:*:*:*:*:*:*", "matchCriteriaId": "5162CF70-42A4-4CBD-BE7E-17526719138A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation."}], "id": "CVE-2026-35535", "lastModified": "2026-06-02T17:50:58.360", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 5.9, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-03T03:16:18.233", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://bugs.debian.org/1130593"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2143042"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/sudo-project/sudo/commit/3e474c2f201484be83d994ae10a4e20e8c81bb69"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.qualys.com/2026/03/10/crack-armor.txt"}, {"source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-271"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{"bugzilla": {"description": "sudo: Sudo: Privilege escalation due to failure in privilege drop calls", "id": "2454714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454714"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-272", "details": ["A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system."], "name": "CVE-2026-35535", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-04-03T02:21:33Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-35535\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-35535\nhttps://bugs.debian.org/1130593\nhttps://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2143042\nhttps://github.com/sudo-project/sudo/commit/3e474c2f201484be83d994ae10a4e20e8c81bb69\nhttps://www.qualys.com/2026/03/10/crack-armor.txt"], "threat_severity": "Important"}