PT-2026-56171 · Red Hat · Red Hat Enterprise Linux 10+5

Ian Murphy

·

Published

2026-07-07

·

Updated

2026-07-07

·

CVE-2026-14474

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
A flaw was found in SSSD's LDAP sudo provider. When the ldap sudo search base option is not explicitly configured, SSSD searches the entire LDAP directory tree for sudoRole objects. An authenticated attacker with write access to any subtree can inject a sudoRole object granting root-level sudo privileges on all SSSD-enrolled hosts.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-14474

Affected Products

Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Red Hat Openshift Container Platform 4