diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 5ba27260c3b7..405c5b6cb472 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -81,6 +81,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
 *Heartbeat*
 - Fix panics when parsing dereferencing invalid parsed url. {pull}34702[34702]
+- Fix setuid root when running under cgroups v2. {pull}37794[37794]
 *Metricbeat*
diff --git a/heartbeat/security/security.go b/heartbeat/security/security.go
index 20c0f5cc7d68..8e15102f7b8d 100644
--- a/heartbeat/security/security.go
+++ b/heartbeat/security/security.go
@@ -26,8 +26,6 @@ import (
 "strconv"
 "syscall"
- sysinfo "github.com/elastic/go-sysinfo"
-
 "kernel.org/pub/linux/libs/security/libcap/cap"
 )
@@ -36,13 +34,7 @@ func init() {
 // In the context of a container, where users frequently run as root, we follow BEAT_SETUID_AS to setuid/gid
 // and add capabilities to make this actually run as a regular user. This also helps Node.js in synthetics, which
 // does not want to run as root. It's also just generally more secure.
- sysInfo, err := sysinfo.Host()
- isContainer := false
- if err == nil && sysInfo.Info().Containerized != nil {
- isContainer = *sysInfo.Info().Containerized
- }
-
- if localUserName := os.Getenv("BEAT_SETUID_AS"); isContainer && localUserName != "" && syscall.Geteuid() == 0 {
+ if localUserName := os.Getenv("BEAT_SETUID_AS"); localUserName != "" && syscall.Geteuid() == 0 {
 err := setNodeProcAttr(localUserName)
 if err != nil {
 panic(err)
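Review bot: The comment kept above the condition in `init()` still describes the privilege drop as container-only, but with `isContainer` removed it now runs on any host where the process starts with euid 0 and `BEAT_SETUID_AS` is set. I would reword it along the lines of `// When started as root with BEAT_SETUID_AS set (typically in a container), drop to that user. Container detection is deliberately not consulted: a failed detection must not leave the process running as root.` The removed guard failed open (a detection error or a nil `Containerized` silently skipped the drop), so recording why it must not return is worth a line. The `panic(err)` keeps the drop fail-closed and should stay that way. The body of `init()` continues outside the hunk, so I cannot see whether anything later confirms `syscall.Geteuid() != 0` after `setNodeProcAttr` returns; if nothing does, a regression test asserting that would guard against the same silent failure.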