CVE Catalog

CVE-2026-12610

MediumCVSS 6.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

5th percentile — higher than 5% of all known CVEs

Summary

A use-after-free vulnerability was found in the SSSD (System Security Services Daemon) PAM component responsible for YubiKey authentication. The flaw is caused by improper memory pointer handling, which can lead to a crash. A local attacker could exploit this by manipulating smartcard or YubiKey contents.

Risk Assessment

This vulnerability allows a local attacker to perform a Denial of Service (DoS) attack, disrupting the authentication process. There is also a potential for privilege escalation, although it is difficult to exploit.

Recommendation

Update SSSD to the latest version containing the fix for the use-after-free vulnerability immediately. Until the update is applied, restrict physical access to workstations and monitor logs for unusual YubiKey authentication events.

Original NVD description (English source)

A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw by manipulating smartcard or YubiKey contents, leading to a denial of service that disrupts authentication. This vulnerability also presents a potential for privilege escalation, although it is difficult to exploit.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS