Nixpkgs security tracker
Untriaged
Permalink
CVE-2026-35535
7.4 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): High (H)
Activity log
- Created suggestion
In Sudo through 1.9.17p2 before 3e474c2, a failure of a …
In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.
References
Affected products
Sudo
- <3e474c2f201484be83d994ae10a4e20e8c81bb69
Matching in nixpkgs
pkgs.sudo
Command to run commands as root
pkgs.qsudo
Graphical sudo utility from Project Trident
-
nixos-unstable 2020.03.27
- nixpkgs-unstable 2020.03.27
- nixos-unstable-small 2020.03.27
-
nixos-25.11 2020.03.27
- nixos-25.11-small 2020.03.27
- nixpkgs-25.11-darwin 2020.03.27
pkgs.sudo-rs
Memory safe implementation of sudo and su
pkgs.psudohash
Password list generator for orchestrating brute force attacks and cracking hashes
pkgs.sudo-font
Font for programmers and command line users
pkgs.darwin.sudo
None
pkgs.gnome-sudoku
Test your logic skills in this number grid puzzle
pkgs.doas-sudo-shim
Shim for the sudo command that utilizes doas
pkgs.lxqt.lxqt-sudo
GUI frontend for sudo/su
pkgs.yaziPlugins.sudo
Call `sudo` in yazi
-
nixos-unstable 0-unstable-2025-11-05
- nixpkgs-unstable 0-unstable-2025-11-05
- nixos-unstable-small 0-unstable-2025-11-05
-
nixos-25.11 0-unstable-2025-11-05
- nixos-25.11-small 0-unstable-2025-11-05
- nixpkgs-25.11-darwin 0-unstable-2025-11-05
pkgs.libsForQt5.ksudoku
Suduko game
pkgs.kdePackages.ksudoku
KSudoku is a logic-based symbol placement puzzle
pkgs.plasma5Packages.ksudoku
Suduko game
pkgs.fishPlugins.plugin-sudope
Fish plugin to quickly put 'sudo' in your command
-
nixos-unstable 0-unstable-2025-09-16
- nixpkgs-unstable 0-unstable-2025-09-16
- nixos-unstable-small 0-unstable-2025-09-16
-
nixos-25.11 0-unstable-2025-09-16
- nixos-25.11-small 0-unstable-2025-09-16
- nixpkgs-25.11-darwin 0-unstable-2025-09-16
Package maintainers
-
@dani0854 Danil Suetin <suetin085+nixpkgs@protonmail.com>
-
@Anomalocaridid Duncan Russell <duncan@anomalocaris.xyz>
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>
-
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
-
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
-
@bobby285271 Bobby Rong <rjl931189261@126.com>
-
@FRidh Frederik Rietdijk <fridh@fridh.nl>
-
@bkchr Bastian Köcher <nixos@kchr.de>
-
@peterhoeg Peter Hoeg <peter@hoeg.com>
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@nyanloutre Paul Trehiou <paul@nyanlout.re>
-
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
-
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
-
@K900 Ilya K. <me@0upti.me>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@mjm Matt Moriarity <matt@mattmoriarity.com>
-
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
-
@SCOTT-HAMILTON Scott Hamilton <sgn.hamilton@protonmail.com>
-
@romildo José Romildo Malaquias <malaquias@gmail.com>
-
@exploitoverload Asier Armenteros <nix@exploitoverload.com>
-
@rhendric Ryan Hendrickson
-
@R-VdP Ramses <ramses@well-founded.dev>
-
@nicoonoclaste nicoo <nicoo@debian.org>
-
@khaneliman Austin Horstman <khaneliman12@gmail.com>