Description
A flaw was found in SSSD's LDAP sudo provider. When the ldap_sudo_search_base option is not explicitly configured, SSSD searches the entire LDAP directory tree for sudoRole objects. An authenticated attacker with write access to any subtree can inject a sudoRole object granting root-level sudo privileges on all SSSD-enrolled hosts.
Published: 2026-07-07
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

Vendor Workaround

Set ldap_sudo_search_base explicitly in /etc/sssd/sssd.conf to restrict the search to the designated sudoers container: [domain/example.com] ldap_sudo_search_base = ou=sudoers,dc=example,dc=com Additionally, restrict LDAP ACLs to prevent non-admin principals from creating sudoRole objects outside the designated sudoers container.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Jul 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


Tue, 07 Jul 2026 10:15:00 +0000

Type Values Removed Values Added
Description A flaw was found in SSSD's LDAP sudo provider. When the ldap_sudo_search_base option is not explicitly configured, SSSD searches the entire LDAP directory tree for sudoRole objects. An authenticated attacker with write access to any subtree can inject a sudoRole object granting root-level sudo privileges on all SSSD-enrolled hosts.
Title Sssd: sssd: sudo ldap provider searches entire directory tree for sudorole objects by default, enabling privilege escalation
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Weaknesses CWE-1188
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Redhat Enterprise Linux Openshift
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-07-07T13:42:01.577Z

Reserved: 2026-07-02T14:49:31.316Z

Link: CVE-2026-14474

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-07-07T09:00:00Z

Links: CVE-2026-14474 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses
  • CWE-1188

    Initialization of a Resource with an Insecure Default