PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-14474 Red Hat CVE debrief

A flaw was found in SSSD's LDAP sudo provider. When the ldap_sudo_search_base option is not explicitly configured, SSSD searches the entire LDAP directory tree for sudoRole objects. An authenticated attacker with write access to any subtree can inject a sudoRole object granting root-level sudo privileges on all SSSD-enrolled hosts. This vulnerability has a high CVSS score of 8.8 and is considered a high priority due to potential for privilege escalation.

Vendor
Red Hat
Product
Red Hat Enterprise Linux 10
CVSS
HIGH 8.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-07
Original CVE updated
2026-07-07
Advisory published
2026-07-07
Advisory updated
2026-07-07

Who should care

System administrators and security teams responsible for managing SSSD configurations and monitoring LDAP directory trees for potential security threats should be aware of this vulnerability. They should review and explicitly configure the ldap_sudo_search_base option, monitor LDAP directory trees for unauthorized changes, and implement compensating controls to restrict sudo privileges.

Technical summary

The vulnerability exists in SSSD's LDAP sudo provider. If the ldap_sudo_search_base option is not set, SSSD performs a comprehensive search of the LDAP directory tree for sudoRole objects. This allows an authenticated attacker with write access to any subtree to inject a sudoRole object, potentially granting root-level sudo privileges on all hosts enrolled with SSSD. The attack requires write access to any subtree, making it a significant concern for system administrators.

Defensive priority

High priority due to potential for privilege escalation and significant impact on system security.

Recommended defensive actions

  • Review and explicitly configure the ldap_sudo_search_base option to limit the search scope
  • Monitor LDAP directory trees for unauthorized changes
  • Implement compensating controls to restrict sudo privileges
  • Regularly update and patch SSSD configurations
  • Perform vulnerability scanning and risk assessment
  • Enforce least privilege access controls
  • Verify affected systems and apply patches

Evidence notes

Evidence is based on limited information from the NVD and a Red Hat security advisory. Further investigation is recommended to fully understand the vulnerability's impact and affected systems. The vulnerability allows an authenticated attacker with write access to inject a sudoRole object, potentially granting root-level sudo privileges. Limited source detail exists, so defenders should verify affected scope and vendor guidance.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-07T10:16:39.870Z and has not been modified since.