RCE in Red Hat Enterprise Linux 10
CVE-2026-14474
A flaw was found in SSSD's LDAP sudo provider. When the ldap_sudo_search_base option is not explicitly configured, SSSD searches the entire LDAP directory tree for sudoRole objects. An authenticated attacker with write access to any subtre…
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_REDHAT, vdb-entry)
- secalert@redhat.com (x_refsource_REDHAT, issue-tracking)
Frequently asked questions
- What is CVE-2026-14474?
- CVE-2026-14474 is a high-severity vulnerability in Red Hat Enterprise Linux 10, classified under Initialization of a Resource with an Insecure Default. CVSS score: 8.8/10. Published 2026-07-07.
- How severe is CVE-2026-14474?
- High severity. CVSS v3 base score is 8.8 out of 10.