A privilege escalation vulnerability (CVE-2026-35535, CVSS 7.4 High) in sudo allows an attacker to gain elevated privileges due to a failure in privilege drop calls. The advisory applies to Red Hat Enterprise Linux 8, with the fix provided in sudo package version 1.9.5p2-1.el8_10.5. Administrators should apply the update using the referenced Red Hat solution article.
Red Hat Product Errata RHSA-2026:11521 - Security Advisory Issued: 2026-04-29 Updated: 2026-04-29 RHSA-2026:11521 - Security Advisory Overview Updated Packages Synopsis Important: sudo security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for sudo is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix(es): sudo: Sudo: Privilege escalation due to failure in privilege drop calls (CVE-2026-35535) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 8 x86_64 Red Hat Enterprise Linux for IBM z Systems 8 s390x Red Hat Enterprise Linux for Power, little endian 8 ppc64le Red Hat Enterprise Linux for ARM 64 8 aarch64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x Fixes BZ - 2454714 - CVE-2026-35535 sudo: Sudo: Privilege escalation due to failure in privilege drop calls CVEs CVE-2026-35535 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 8 SRPM sudo-1.9.5p2-1.el8_10.5.src.rpm SHA-256: a8092bf7be28d9ad0a1c1faa8cfd5086a66dab584d9f9859e846abd64d9b08a1 x86_64 sudo-1.9.5p2-1.el8_10.5.x86_64.rpm SHA-256: ec77da6f75a02ae16b5e7541426f6b5a59055399d426f8fead1489ea7e3cc777 sudo-debuginfo-1.9.5p2-1.el8_10.5.x86_64.rpm SHA-256: c3f61b1124066d000047e3c409ffead0e6fee13bace9f9fdbeeb48c35ebbb15e sudo-debugsource-1.9.5p2-1.el8_10.5.x86_64.rpm SHA-256: 23317db6b9fd5a7568ceb4817476c4bc2ec0129e95ef874c06e9a77cee850912 Red Hat Enterprise Linux for IBM z Systems 8 SRPM sudo-1.9.5p2-1.el8_10.5.src.rpm SHA-256: a8092bf7be28d9ad0a1c1faa8cfd5086a66dab584d9f9859e846abd64d9b08a1 s390x sudo-1.9.5p2-1.el8_10.5.s390x.rpm SHA-256: 40432c5bab48a4872cdb3b1a640fbaf77e4316032cd58fd1e6c78db469c9f8b8 sudo-debuginfo-1.9.5p2-1.el8_10.5.s390x.rpm SHA-256: e958822658829858c70b824f3db726425fb34be93630fcbf64e656bd45caedcb sudo-debugsource-1.9.5p2-1.el8_10.5.s390x.rpm SHA-256: cb9c90a3b3b39d5a288b1ea4486f6628bdb0cc25e107a70f6efcde24ba1b4e03 Red Hat Enterprise Linux for Power, little endian 8 SRPM sudo-1.9.5p2-1.el8_10.5.src.rpm SHA-256: a8092bf7be28d9ad0a1c1faa8cfd5086a66dab584d9f9859e846abd64d9b08a1 ppc64le sudo-1.9.5p2-1.el8_10.5.ppc64le.rpm SHA-256: d2d23b6a4eb438fb682c79df46f075e5d2b658b031975d87e852000ae0f830d6 sudo-debuginfo-1.9.5p2-1.el8_10.5.ppc64le.rpm SHA-256: b0cf9c6337e48b66f5d4926b80d03c513bfc9d1f581213c8b0b2b5aa8751269b sudo-debugsource-1.9.5p2-1.el8_10.5.ppc64le.rpm SHA-256: 15a949f0c94789769a36d55f59c3906a3d4fea78fcbe4932d5d217de6fd22b81 Red Hat Enterprise Linux for ARM 64 8 SRPM sudo-1.9.5p2-1.el8_10.5.src.rpm SHA-256: a8092bf7be28d9ad0a1c1faa8cfd5086a66dab584d9f9859e846abd64d9b08a1 aarch64 sudo-1.9.5p2-1.el8_10.5.aarch64.rpm SHA-256: 7532ed32e371941492f3cd2e705eb32a3c9bae60780b49c9ee3a3fd83d96b59a sudo-debuginfo-1.9.5p2-1.el8_10.5.aarch64.rpm SHA-256: e55eaccd5e0b70dbfe97e6f217bc91f0e42ab8978ae7eddd3e2df827930d6bf9 sudo-debugsource-1.9.5p2-1.el8_10.5.aarch64.rpm SHA-256: 9107a0373610b76682fff0dad3daca22796b03da07733cdc3b3452dfb40c986b Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 SRPM sudo-1.9.5p2-1.el8_10.5.src.rpm SHA-256: a8092bf7be28d9ad0a1c1faa8cfd5086a66dab584d9f9859e846abd64d9b08a1 x86_64 sudo-1.9.5p2-1.el8_10.5.x86_64.rpm SHA-256: ec77da6f75a02ae16b5e7541426f6b5a59055399d426f8fead1489ea7e3cc777 sudo-debuginfo-1.9.5p2-1.el8_10.5.x86_64.rpm SHA-256: c3f61b1124066d000047e3c409ffead0e6fee13bace9f9fdbeeb48c35ebbb15e sudo-debugsource-1.9.5p2-1.el8_10.5.x86_64.rpm SHA-256: 23317db6b9fd5a7568ceb4817476c4bc2ec0129e95ef874c06e9a77cee850912 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 SRPM sudo-1.9.5p2-1.el8_10.5.src.rpm SHA-256: a8092bf7be28d9ad0a1c1faa8cfd5086a66dab584d9f9859e846abd64d9b08a1 aarch64 sudo-1.9.5p2-1.el8_10.5.aarch64.rpm SHA-256: 7532ed32e371941492f3cd2e705eb32a3c9bae60780b49c9ee3a3fd83d96b59a sudo-debuginfo-1.9.5p2-1.el8_10.5.aarch64.rpm SHA-256: e55eaccd5e0b70dbfe97e6f217bc91f0e42ab8978ae7eddd3e2df827930d6bf9 sudo-debugsource-1.9.5p2-1.el8_10.5.aarch64.rpm SHA-256: 9107a0373610b76682fff0dad3daca22796b03da07733cdc3b3452dfb40c986b Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 SRPM sudo-1.9.5p2-1.el8_10.5.src.rpm SHA-256: a8092bf7be28d9ad0a1c1faa8cfd5086a66dab584d9f9859e846abd64d9b08a1 ppc64le sudo-1.9.5p2-1.el8_10.5.ppc64le.rpm SHA-256: d2d23b6a4eb438fb682c79df46f075e5d2b658b031975d87e852000ae0f830d6 sudo-debuginfo-1.9.5p2-1.el8_10.5.ppc64le.rpm SHA-256: b0cf9c6337e48b66f5d4926b80d03c513bfc9d1f581213c8b0b2b5aa8751269b sudo-debugsource-1.9.5p2-1.el8_10.5.ppc64le.rpm SHA-256: 15a949f0c94789769a36d55f59c3906a3d4fea78fcbe4932d5d217de6fd22b81 Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 SRPM sudo-1.9.5p2-1.el8_10.5.src.rpm SHA-256: a8092bf7be28d9ad0a1c1faa8cfd5086a66dab584d9f9859e846abd64d9b08a1 s390x sudo-1.9.5p2-1.el8_10.5.s390x.rpm SHA-256: 40432c5bab48a4872cdb3b1a640fbaf77e4316032cd58fd1e6c78db469c9f8b8 sudo-debuginfo-1.9.5p2-1.el8_10.5.s390x.rpm SHA-256: e958822658829858c70b824f3db726425fb34be93630fcbf64e656bd45caedcb sudo-debugsource-1.9.5p2-1.el8_10.5.s390x.rpm SHA-256: cb9c90a3b3b39d5a288b1ea4486f6628bdb0cc25e107a70f6efcde24ba1b4e03 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .