{
  "threat_severity" : "Moderate",
  "public_date" : "2026-04-28T00:00:00Z",
  "bugzilla" : {
    "description" : "krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism",
    "id" : "2463370",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2463370"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.9",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-476",
  "details" : [ "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can trigger a NULL pointer dereference in a service that calls `gss_accept_sec_context()` on a system where a NegoEx mechanism is registered. This terminates the affected process, resulting in a Denial of Service (DoS); no confidentiality or integrity impact is indicated (CVSS C:N/I:N)." ],
  "statement" : "Moderate: This flaw allows an unauthenticated remote attacker to cause a Denial of Service in MIT Kerberos 5 by triggering a NULL pointer dereference on the acceptor side of GSSAPI context establishment. Exploitation requires the NegoEx mechanism to be explicitly registered in the system's GSSAPI mechanism configuration, which is not the default state in Red Hat environments; systems with no NegoEx mechanism registered are not exposed. The CVSS vector rates attack complexity as high (AC:H), consistent with the Moderate rating despite the unauthenticated network vector.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-05-19T00:00:00Z",
    "advisory" : "RHSA-2026:19145",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.2",
    "package" : "krb5-0:1.21.3-10.el10_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-05-13T00:00:00Z",
    "advisory" : "RHSA-2026:16799",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "krb5-0:1.18.2-34.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-05-19T00:00:00Z",
    "advisory" : "RHSA-2026:19357",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "krb5-0:1.21.1-10.el9_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-05-19T00:00:00Z",
    "advisory" : "RHSA-2026:19357",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "krb5-0:1.21.1-10.el9_8"
  }, {
    "product_name" : "Red Hat Hardened Images",
    "release_date" : "2026-04-30T00:00:00Z",
    "advisory" : "RHSA-2026:12220",
    "cpe" : "cpe:/a:redhat:hummingbird:1",
    "package" : "krb5-main-1.22.2-7.hum1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Fix deferred",
    "package_name" : "krb5",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "krb5",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Fix deferred",
    "package_name" : "rhcos",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-40355\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-40355\nhttps://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html\nhttps://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f\nhttps://web.mit.edu/kerberos/advisories/" ],
  "name" : "CVE-2026-40355",
  "mitigation" : {
    "value" : "Until the fixed packages listed above can be applied, this issue can be mitigated by removing the NegoEx mechanism registration from the system's GSSAPI configuration if it is not required. This is typically done by removing or commenting out the relevant entry in `/etc/gss/mech` (or a drop-in file under `/etc/gss/mech.d/`, if one is used). Services that use GSSAPI must be restarted for the change to take effect; restarting them will interrupt Kerberos-dependent functionality, and any client that relies on NegoEx negotiation will no longer be able to authenticate through that mechanism. This is a workaround, not a fix: the registration should only be removed after confirming that no workload depends on NegoEx, and the updated krb5 packages should still be installed.",
    "lang" : "en:us"
  },
  "csaw" : false
}