PatchSiren cyber security CVE debrief
CVE-2026-14474 Red Hat CVE debrief
A flaw was found in SSSD's LDAP sudo provider. When the ldap_sudo_search_base option is not explicitly configured, SSSD searches the entire LDAP directory tree for sudoRole objects. An authenticated attacker with write access to any subtree can inject a sudoRole object granting root-level sudo privileges on all SSSD-enrolled hosts. This vulnerability has a high CVSS score of 8.8 and is considered a high priority due to potential for privilege escalation.
- Vendor
- Red Hat
- Product
- Red Hat Enterprise Linux 10
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-07
- Original CVE updated
- 2026-07-07
- Advisory published
- 2026-07-07
- Advisory updated
- 2026-07-07
Who should care
System administrators and security teams responsible for managing SSSD configurations and monitoring LDAP directory trees for potential security threats should be aware of this vulnerability. They should review and explicitly configure the ldap_sudo_search_base option, monitor LDAP directory trees for unauthorized changes, and implement compensating controls to restrict sudo privileges.
Technical summary
The vulnerability exists in SSSD's LDAP sudo provider. If the ldap_sudo_search_base option is not set, SSSD performs a comprehensive search of the LDAP directory tree for sudoRole objects. This allows an authenticated attacker with write access to any subtree to inject a sudoRole object, potentially granting root-level sudo privileges on all hosts enrolled with SSSD. The attack requires write access to any subtree, making it a significant concern for system administrators.
Defensive priority
High priority due to potential for privilege escalation and significant impact on system security.
Recommended defensive actions
- Review and explicitly configure the ldap_sudo_search_base option to limit the search scope
- Monitor LDAP directory trees for unauthorized changes
- Implement compensating controls to restrict sudo privileges
- Regularly update and patch SSSD configurations
- Perform vulnerability scanning and risk assessment
- Enforce least privilege access controls
- Verify affected systems and apply patches
Evidence notes
Evidence is based on limited information from the NVD and a Red Hat security advisory. Further investigation is recommended to fully understand the vulnerability's impact and affected systems. The vulnerability allows an authenticated attacker with write access to inject a sudoRole object, potentially granting root-level sudo privileges. Limited source detail exists, so defenders should verify affected scope and vendor guidance.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-07T10:16:39.870Z and has not been modified since.