CVE-2026-14474 Sssd: sssd: sudo ldap provider searches entire directory tree for sudorole objects by default, enabling privilege escalation
A flaw was found in SSSD's LDAP sudo provider. When the ldapsudosearchbase option is not explicitly configured, SSSD searches the entire LDAP directory tree for sudoRole objects. An authenticated attacker with write access to any subtree can inject a sudoRole object granting root-level sudo...