Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-04-28T00:00:00 krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CWE-476

A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit a NULL pointer dereference vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the termination of the process, resulting in a Denial of Service (DoS).

Moderate: This flaw allows an unauthenticated remote attacker to cause a Denial of Service in MIT Kerberos 5 by triggering a NULL pointer dereference. Exploitation requires the NegoEx mechanism to be explicitly registered in the system's GSSAPI configuration, which is not a default state in all Red Hat environments. To mitigate this issue, remove the NegoEx mechanism registration from the system's GSSAPI configuration if it is not required. This can typically be achieved by removing or commenting out the relevant entry in `/etc/gss/mech`. A restart of services utilizing Kerberos might be necessary for the changes to take effect, which could impact Kerberos-dependent functionality. Red Hat Hardened Images 2026-04-30T00:00:00Z RHSA-2026:12220 krb5-main-1.22.2-7.hum1 Red Hat Enterprise Linux 10 Affected krb5 Red Hat Enterprise Linux 6 Fix deferred krb5 Red Hat Enterprise Linux 7 Fix deferred krb5 Red Hat Enterprise Linux 8 Fix deferred krb5 Red Hat Enterprise Linux 9 Affected krb5 Red Hat OpenShift Container Platform 4 Fix deferred rhcos https://www.cve.org/CVERecord?id=CVE-2026-40355 https://nvd.nist.gov/vuln/detail/CVE-2026-40355 https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f https://web.mit.edu/kerberos/advisories/