CVE-2026-40355
Published 2026-04-28
Priority P4 (34) · medium · CVSS 3.1 base score 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.46% (36.7th percentile)
In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mit | kerberos_5 | >= 1.18 < 1.22.3 | 1.22.3 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
| vendor_redhat | | 5.9 | MEDIUM | |
Red Hat
krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism
vendor_redhat · 2026-04-28 · CVSS 5.9 · MEDIUM · CWE-476
A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit a NULL pointer dereference vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the termination of the process, resulting in a Denial of Service (DoS).
Statement: Moderate: This flaw allows an unauthenticated remote attacker to cause a Denial of Service in MIT Kerberos 5 by triggering a NULL pointer dereference. Exploitation requires the NegoEx mechanism to be explicitly registered in the system's GSSAPI configuration, which is not a default state in all Red Hat environments.
Mitigation: To mitigate this issue, remove the NegoEx mechanism registrat
GHSA
GHSA-8qgv-wm66-hrmc
ghsa_unreviewed · 2026-04-28 · MEDIUM · CWE-476
In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.
VulDB
MIT Kerberos 5 up to 1.22.2 NegoEx Mechanism /etc/gss/mech gss_accept_sec_context null pointer dereference
vuldb · 2026-04-28 · CVSS 5.9 · MEDIUM
A vulnerability categorized as problematic has been discovered in MIT Kerberos 5 up to 1.22.2. Affected by this vulnerability is the function gss_accept_sec_context of the file /etc/gss/mech of the component NegoEx Mechanism Handler. Executing a manipulation can lead to null pointer dereference.
This vulnerability is registered as CVE-2026-40355. It is possible to launch the attack remotely. No exploit is available.
It is advisable to upgrade the affected component.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-40355 krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism
bugzilla · 2026-04-28 · CVSS 5.9 · MEDIUM
In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.
Bugzilla
CVE-2026-40355 krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism [fedora-all]
bugzilla · 2026-04-28 · CVSS 5.9 · MEDIUM
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-40355 python-krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism [fedora-all]
bugzilla · 2026-04-28 · CVSS 5.9 · MEDIUM
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-40355 python-krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism [epel-all]
bugzilla · 2026-04-28 · CVSS 5.9 · MEDIUM
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.