CVE-2026-34397: CWE-269: Improper Privilege Management in himmelblau-idm himmelblau
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose mapped CN/short name exactly matches a privileged local group name (e.g., "sudo", "wheel", "docker", "adm") can cause the NSS module to resolve that group name to their fake primary group. If the system uses NSS results for group-based authorization decisions (sudo, polkit, etc.), this can grant the attacker the privileges of that group. This issue has been patched in versions 2.3.9 and 3.1.1.
AI Analysis
Technical Summary
Himmelblau versions 2.0.0-alpha to <2.3.9 and 3.0.0-alpha to <3.1.1 contain a conditional local privilege escalation vulnerability due to improper privilege management (CWE-269). The issue arises from an edge-case naming collision where an authenticated user's CN/short name matches a privileged local group name (e.g., sudo, wheel, docker, adm). The NSS module then incorrectly resolves the group name to the attacker's fake primary group. Systems relying on NSS for group-based authorization (such as sudo or polkit) may grant the attacker elevated privileges. This vulnerability is patched in versions 2.3.9 and 3.1.1.
Potential Impact
An authenticated user can escalate privileges locally by exploiting a naming collision in group name resolution, potentially gaining the privileges of sensitive local groups. This could allow unauthorized administrative actions on affected systems. There are no known exploits in the wild at this time.
Mitigation Recommendations
A patch is available and should be applied by upgrading himmelblau to version 2.3.9 or 3.1.1 or later. Applying these updates will remediate the vulnerability. No additional mitigation steps are indicated by the vendor advisory.
CVE-2026-34397: CWE-269: Improper Privilege Management in himmelblau-idm himmelblau
Description
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose mapped CN/short name exactly matches a privileged local group name (e.g., "sudo", "wheel", "docker", "adm") can cause the NSS module to resolve that group name to their fake primary group. If the system uses NSS results for group-based authorization decisions (sudo, polkit, etc.), this can grant the attacker the privileges of that group. This issue has been patched in versions 2.3.9 and 3.1.1.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Himmelblau versions 2.0.0-alpha to <2.3.9 and 3.0.0-alpha to <3.1.1 contain a conditional local privilege escalation vulnerability due to improper privilege management (CWE-269). The issue arises from an edge-case naming collision where an authenticated user's CN/short name matches a privileged local group name (e.g., sudo, wheel, docker, adm). The NSS module then incorrectly resolves the group name to the attacker's fake primary group. Systems relying on NSS for group-based authorization (such as sudo or polkit) may grant the attacker elevated privileges. This vulnerability is patched in versions 2.3.9 and 3.1.1.
Potential Impact
An authenticated user can escalate privileges locally by exploiting a naming collision in group name resolution, potentially gaining the privileges of sensitive local groups. This could allow unauthorized administrative actions on affected systems. There are no known exploits in the wild at this time.
Mitigation Recommendations
A patch is available and should be applied by upgrading himmelblau to version 2.3.9 or 3.1.1 or later. Applying these updates will remediate the vulnerability. No additional mitigation steps are indicated by the vendor advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-27T13:45:29.619Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69cd7224e6bfc5ba1dee83e0
Added to database: 4/1/2026, 7:29:40 PM
Last enriched: 4/9/2026, 10:39:25 PM
Last updated: 5/22/2026, 7:14:17 PM
Views: 31
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.