PT-2026-60898 · Pypi · Sh
CVE-2026-54552
·
Published
2026-07-17
·
Updated
2026-07-17
CVSS v3.1
7.9
High
| Vector | AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N |
Impact
The
uid option performed an incomplete privilege drop on Linux/Unix-like systems.When
sh was run from a process with elevated privileges, such as root, and a command was launched with uid=<unprivileged user>, the child process changed its UID and primary GID but did not reset its supplementary groups. As a result, the child process could retain the parent process’s supplementary groups, potentially including privileged groups such as root, docker, disk, shadow, or sudo.This could allow a subprocess that was expected to run with reduced privileges to access files or resources available to the original process’s supplementary groups. Users are impacted if they rely on
uid as a privilege boundary when launching commands from a privileged parent process.Patches
Upgrade to version >= 2.2.4
Workarounds
Avoid using
uid when the user represents a less-privileged user.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sh