CVE-2026-34397

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Himmelblau versions 2.0.0-alpha through 2.3.8 and 3.0.0-alpha through 3.1.0

Description Himmelblau, an interoperability suite for Microsoft Azure Entra ID and Intune, contains a conditional local privilege escalation issue due to an edge-case naming collision. Authenticated users whose mapped CN/short name exactly matches a privileged local group name (e.g., "sudo", "wheel", "docker", "adm") can cause the NSS module to resolve that group name to a fake primary group. If the system uses NSS results for group-based authorization decisions (sudo, polkit, etc.), this can grant the attacker the privileges of that group.

Recommendations Update to version 2.3.9 or later. Update to version 3.1.1 or later.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

BDU:2026-04600

CVE-2026-34397

OPENSUSE-SU-2026:10483-1

SUSE-SU-2026:1361-1

Affected Products

Himmelblau

Intune

Azure Entra Id

CVE-2026-34397

Weakness Enumeration

Related Identifiers

Affected Products

References · 23