CVE-2026-34397 MEDIUM

CVE-2026-34397: himmelblau: NSS fake-primary group lookup reintroduces name collision risk

Vendor Himmelblau-Idm

Product himmelblau

Weakness CWE-269

Published April 1, 2026

Last update April 4, 2026

View on NVD All CVEs

CVSS base score

6.3/10

Attack vector Local

Attack complexity High

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose mapped CN/short name exactly matches a privileged local group name (e.g., "sudo", "wheel", "docker", "adm") can cause the NSS module to resolve that group name to their fake primary group. If the system uses NSS results for group-based authorization decisions (sudo, polkit, etc.), this can grant the attacker the privileges of that group. This issue has been patched in versions 2.3.9 and 3.1.1.

Key dates

02Disclosure timeline

April 1, 2026 CVE published

April 4, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-34397 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/269.html

Related vulnerabilities

Identifiers

CVE CVE-2026-34397

CWE CWE-269

CVSS 6.3 / MEDIUM

Affected versions

Vendor Himmelblau-Idm

Product himmelblau

Affected >= 2.0.0-alpha, < 2.3.9

Vendor Himmelblau-Idm

Product himmelblau

Affected >= 3.0.0-alpha, < 3.1.1

CVE-2026-34397: himmelblau: NSS fake-primary group lookup reintroduces name collision risk

01Description

02Disclosure timeline

03References

04Related CVE