diff --git a/doc/sudo.man.in b/doc/sudo.man.in
index 063294a1d..332a53792 100644
--- a/doc/sudo.man.in
+++ b/doc/sudo.man.in
@@ -25,7 +25,7 @@
 .nr BA @BAMAN@
 .nr LC @LCMAN@
 .nr PS @PSMAN@
-.TH "SUDO" "@mansectsu@" "March 31, 2020" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "SUDO" "@mansectsu@" "April 2, 2020" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -1140,7 +1140,9 @@ if no terminal is available or if the
 option is specified.
 .TP 17n
 \fRSUDO_COMMAND\fR
-Set to the command run by sudo.
+Set to the command run by sudo, including command line arguments.
+The command line arguments are truncated at 4096 characters to
+prevent a potential execution error.
 .TP 17n
 \fRSUDO_EDITOR\fR
 Default editor to use in
diff --git a/doc/sudo.mdoc.in b/doc/sudo.mdoc.in
index cab324ffa..4ea438dc4 100644
--- a/doc/sudo.mdoc.in
+++ b/doc/sudo.mdoc.in
@@ -24,7 +24,7 @@
 .nr BA @BAMAN@
 .nr LC @LCMAN@
 .nr PS @PSMAN@
-.Dd March 31, 2020
+.Dd April 2, 2020
 .Dt SUDO @mansectsu@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -1071,7 +1071,9 @@ if no terminal is available or if the
 .Fl A
 option is specified.
 .It Ev SUDO_COMMAND
-Set to the command run by sudo.
+Set to the command run by sudo, including command line arguments.
+The command line arguments are truncated at 4096 characters to
+prevent a potential execution error.
 .It Ev SUDO_EDITOR
 Default editor to use in
 .Fl e
diff --git a/plugins/sudoers/env.c b/plugins/sudoers/env.c
index dd5b657b6..e3dc88e4f 100644
--- a/plugins/sudoers/env.c
+++ b/plugins/sudoers/env.c
@@ -1109,7 +1109,12 @@ rebuild_env(void)
 
     /* Add the SUDO_COMMAND envariable (cmnd + args). */
     if (user_args) {
-	if (asprintf(&cp, "SUDO_COMMAND=%s %s", user_cmnd, user_args) == -1)
+	/*
+	 * We limit user_args to 4096 bytes to avoid an execve() failure
+	 * for very long argument vectors.  The command's environment also
+	 * counts against the ARG_MAX limit.
+	 */
+	if (asprintf(&cp, "SUDO_COMMAND=%s %.*s", user_cmnd, 4096, user_args) == -1)
 	    goto bad;
 	if (sudo_putenv(cp, true, true) == -1) {
 	    free(cp);