CVE Catalog

CVE-2026-40355

MediumCVSS 5.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.50%

39th percentile - higher than 39% of all known CVEs

Summary

In MIT Kerberos 5 (krb5) before version 1.22.3, there is a NULL pointer dereference when an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.

Risk Assessment

An attacker can remotely crash services using GSS-API, leading to application disruption and potential denial of service (DoS).

Recommendation

Immediately upgrade MIT Kerberos 5 to version 1.22.3 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS