CVE-2026-56766
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk37th percentile — higher than 37% of all known CVEs
Summary
Hydra up to version 9.7 contains a stack buffer overflow vulnerability in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules. A malicious server can send a crafted NTLM Type-2 challenge with an excessively long domain string, causing buffer overflow and enabling remote code execution.
Risk Assessment
This vulnerability poses a serious risk to organizations as it allows for remote code execution on systems without stack protection. This could lead to an attacker gaining control over the system.
Recommendation
It is recommended to upgrade to Hydra version 9.8 or later to mitigate this vulnerability. Additionally, implementing stack protection mechanisms is advisable to minimize the risk of buffer overflow.
Original NVD description (English source)
Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an excessively long domain string, causing base64-encoded response data to overflow a 500-byte stack buffer by 18 to 330 bytes, enabling remote code execution on systems without stack protection.

