IM
IronMonkey Threat Research

CVE-2026-40355 HIGH

Published: 2026-04-28 | Last Modified: 2026-07-14 | Status: Modified

Description

In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 3.6

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-476

Affected Products

Vendor Product Version Update Type
mit kerberos_5 * <built-in method update of dict object at 0x702bddc2ea80> Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
Notification
Message here