If exploited, this vulnerability allows any user with local access to a Rocky Linux 9 system to gain full administrative control of that host, potentially enabling data theft, ransomware deployment, or lateral movement across connected systems. Organizations running Rocky Linux 9 on servers hosting sensitive data or critical workloads face the highest operational and compliance risk. The absence of confirmed CVSS data means prioritization should be conservative — treat as critical until authoritative scoring is published.
You Are Affected If
You run Rocky Linux 9 with the sudo package installed and have not applied the RLSA-2026-12345 update
Users on affected systems have sudo access configured in /etc/sudoers or /etc/sudoers.d/
Affected systems are accessible to non-administrative local users, shared accounts, or interactive login sessions
You run Red Hat Enterprise Linux 9, Oracle Linux 9, or Ubuntu with sudo and are awaiting confirmation of cross-distribution impact from respective vendor advisories
You have no EDR or auditd coverage on Linux hosts to detect anomalous privilege escalation attempts
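The first three conditions above can be checked per host. The following is an added example, not vendor or Rocky Linux tooling: the function names and verdict strings are made up for illustration, the sudoers parsing is a heuristic, and the patch check assumes the repository metadata carries the advisory ID exactly as written on this page.

```shell
#!/bin/sh
# Added triage sketch for the "You Are Affected If" list (not vendor tooling).
ADVISORY="RLSA-2026-12345"   # advisory ID as given on the page

# os_field FILE KEY: print one value from an os-release style file
os_field() { sed -n "s/^$2=//p" "$1" | tr -d '"' | head -n 1; }

# is_rocky9 FILE: succeed when the file describes Rocky Linux 9 or 9.x
is_rocky9() {
    [ "$(os_field "$1" ID)" = "rocky" ] || return 1
    case "$(os_field "$1" VERSION_ID)" in 9|9.*) return 0 ;; *) return 1 ;; esac
}

# sudo_grants FILE DIR: print file:line for each user specification.
# Heuristic: drops comments, blanks, Defaults, aliases and include directives.
sudo_grants() {
    for f in "$1" "$2"/*; do
        [ -f "$f" ] || continue
        grep -HEv '^[[:space:]]*(#|@include|Defaults|(User|Runas|Host|Cmnd)_Alias|$)' "$f" || true
    done
}

# advisory_pending: succeed when dnf still lists the advisory as applicable.
# Assumption: the repo metadata uses the ID in the same form as $ADVISORY.
advisory_pending() {
    [ -n "$(dnf -q updateinfo list --advisory="$ADVISORY" 2>/dev/null)" ]
}

# triage OS_RELEASE SUDOERS_FILE SUDOERS_DIR: print a one-word scope verdict
triage() {
    is_rocky9 "$1" || { echo "not-rocky9"; return 0; }
    [ -n "$(sudo_grants "$2" "$3")" ] || { echo "no-sudo-grants"; return 0; }
    echo "check-patch"
}

# Touch the live host only when asked, so the functions stay testable offline.
if [ "${1:-}" = "--live" ]; then
    verdict=$(triage /etc/os-release /etc/sudoers /etc/sudoers.d)
    echo "scope: $verdict"
    if [ "$verdict" = "check-patch" ] && rpm -q sudo >/dev/null 2>&1; then
        if advisory_pending; then echo "$ADVISORY: still pending"
        else echo "$ADVISORY: not listed as pending"; fi
    fi
fi
```

Run it with `--live` as root so /etc/sudoers is readable. A "not listed as pending" result should still be confirmed against the installed sudo package version in the advisory.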
Board Talking Points
A critical flaw in a core Linux privilege control component affects systems running Rocky Linux 9, potentially allowing any user with local access to take full control of those servers.
IT security teams should apply the available patch (RLSA-2026-12345) to all Rocky Linux 9 systems within 24-48 hours and verify completion.
Without patching, any user account compromised on an affected server becomes a full system compromise — significantly increasing breach scope and recovery costs.