CVE-2026-40356
Published 2026-04-28
Priority P3 · 35 · medium · 5.9 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.46% (36.5th percentile)
In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mit | kerberos_5 | >= 1.18 < 1.22.3 | 1.22.3 |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| NVD (v3.1) | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Red Hat | 5.9 | MEDIUM | (vector not given) |
GHSA
GHSA-f7p3-6rhj-p7jv · ghsa_unreviewed · 2026-04-28 · MEDIUM · CWE-191 (Integer Underflow)
Description identical to the NVD text above.
VulDB
MIT Kerberos 5 up to 1.22.2 /etc/gss/mech gss_accept_sec_context integer underflow
vuldb · 2026-04-28 · CVSS 5.9
VulDB classifies the issue as critical on its own scale (NVD and Red Hat score it 5.9 MEDIUM). The affected code path is gss_accept_sec_context() in MIT Kerberos 5 up to 1.22.2 on a host where a NegoEx mechanism is registered in /etc/gss/mech; /etc/gss/mech is the mechanism configuration file, not the file containing the function. The manipulation leads to an integer underflow.
The vulnerability is identified as CVE-2026-40356. It can be triggered remotely. No exploit is known.
Upgrading the affected component is advised.
Red Hat
krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read
vendor_redhat · 2026-04-28 · CVSS 5.9 · MEDIUM · CWE-191
A flaw was found in MIT Kerberos 5 (krb5). When an application calls `gss_accept_sec_context()` on a system with a NegoEx mechanism registered, an unauthenticated remote attacker can supply a token that triggers an integer underflow and an out-of-bounds read. The process may terminate, resulting in a denial of service (DoS).
Statement: Red Hat rates this an Important denial of service vulnerability, allowing an unauthenticated remote attacker to terminate processes. It occurs on systems where the NegoEx mechanism is registered and an application invokes `gss_accept_sec_context()`, leading to an integer underflow and out-of-bounds read.
Mitigation: To mitigate this issue, ensure that the NegoEx me
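A local triage check for this advisory, as an added example that is not code from the advisory, Red Hat or the krb5 project. It combines the two conditions the page gives (krb5 in the range 1.18 <= v < 1.22.3, and a NegoEx mechanism registered) into one verdict. It assumes, beyond what the page states, that the mechglue config lines have the form `name oid shared-library [kernel-module] [[modOptions]] [<type>]` with NegoEx mechanisms carrying the type token `<negoex>`, that the config lives in /etc/gss/mech and /etc/gss/mech.d/*.conf, and that `krb5-config --version` prints the version as its last word. The sample mechanism file it writes is constructed; `fakemech` and its OID are placeholders.

```shell
#!/bin/sh
# Triage for CVE-2026-40356: krb5 in [1.18, 1.22.3) with a NegoEx mechanism registered.
# Added example, not code from the advisory or the krb5 project.
# Assumptions (not stated on the page):
#  - mechglue config lines look like: name oid shared-library [kernel-module] [[modOptions]] [<type>]
#    and a NegoEx mechanism carries the type token "<negoex>";
#  - config lives in /etc/gss/mech and /etc/gss/mech.d/*.conf;
#  - `krb5-config --version` prints the version as its last word.

# ver_lt A B : succeed when dotted version A sorts strictly below B (numeric, up to 3 fields).
ver_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)
    [ "$first" = "$1" ]
}

# affected_version V : succeed when 1.18 <= V < 1.22.3, the range in the Affected table.
affected_version() {
    ! ver_lt "$1" 1.18 && ver_lt "$1" 1.22.3
}

# negoex_mechs FILE... : print the names of mechanisms flagged <negoex>, one per line.
# Comments are stripped; blank lines and unreadable files are ignored.
negoex_mechs() {
    [ $# -gt 0 ] || return 0
    cat "$@" 2>/dev/null | sed 's/#.*//' | awk '
        NF == 0 { next }
        { for (i = 4; i <= NF; i++) if ($i == "<negoex>") { print $1; break } }'
}

# installed_krb5_version : best-effort version of the installed library, or "unknown".
installed_krb5_version() {
    if command -v krb5-config >/dev/null 2>&1; then
        krb5-config --version | awk '{ print $NF }'   # assumed format: "... release 1.21.3"
    else
        echo unknown
    fi
}

# triage VERSION FILE... : one line starting with VULNERABLE, NOT_AFFECTED or NEEDS_REVIEW.
triage() {
    ver=$1; shift
    mechs=$(negoex_mechs "$@")
    if [ "$ver" = unknown ]; then
        echo "NEEDS_REVIEW: could not determine the krb5 version"
    elif ! affected_version "$ver"; then
        echo "NOT_AFFECTED: krb5 $ver is outside 1.18 <= v < 1.22.3"
    elif [ -z "$mechs" ]; then
        echo "NOT_AFFECTED: krb5 $ver is in range but no NegoEx mechanism is registered"
    else
        # $mechs is deliberately unquoted so each name becomes one word
        echo "VULNERABLE: krb5 $ver with NegoEx mechanism(s):$(printf ' %s' $mechs)"
    fi
}

# write_sample_mech PATH : constructed sample config; "fakemech" and its OID are placeholders.
write_sample_mech() {
    cat > "$1" <<'EOF'
# constructed sample, not a real host's /etc/gss/mech
mech_krb5 1.2.840.113554.1.2.2 /usr/lib/gss/mech_krb5.so
spnego    1.3.6.1.5.5.2        /usr/lib/gss/mech_spnego.so
fakemech  1.3.6.1.4.1.99999.1  /usr/lib/gss/fakemech.so <negoex>   # placeholder NegoEx mech
EOF
}

# Stand-alone run: check this host, then the constructed sample for comparison.
echo "host:   $(triage "$(installed_krb5_version)" /etc/gss/mech /etc/gss/mech.d/*.conf)"
tmp=$(mktemp)
write_sample_mech "$tmp"
echo "sample: $(triage 1.22.2 "$tmp")"
rm -f "$tmp"
```

The host line is only as good as the version source: on a distribution that backports the fix without bumping the upstream version, `NOT_AFFECTED`/`VULNERABLE` from the version alone is not authoritative, so treat the package changelog as the final word and use the NegoEx check to decide how urgent the update is.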
No detection rules found.
No public exploits indexed.
Bugzilla
bugzilla · 2026-04-28 · CVSS 5.9 · MEDIUM
Trackers titled "CVE-2026-40356 <component>: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read":
| Component | Scope | Note |
|---|---|---|
| krb5 | (flaw tracker) | description identical to the NVD text above |
| krb5 | fedora-all | community tracker |
| python-krb5 | fedora-all | community tracker |
| python-krb5 | epel-all | community tracker |
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.