{
  "threat_severity" : "Important",
  "public_date" : "2026-04-28T00:00:00Z",
  "bugzilla" : {
    "description" : "krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read",
    "id" : "2463368",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2463368"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.9",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-191",
  "details" : [ "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit an integer underflow and an out-of-bounds read vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the process terminating, resulting in a Denial of Service (DoS)." ],
  "statement" : "An Important denial of service vulnerability exists in MIT Kerberos 5, allowing an unauthenticated remote attacker to terminate processes. This occurs on systems where the NegoEx mechanism is registered and an application invokes `gss_accept_sec_context()`, leading to an integer underflow and out-of-bounds read.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-05-19T00:00:00Z",
    "advisory" : "RHSA-2026:19145",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.2",
    "package" : "krb5-0:1.21.3-10.el10_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-05-13T00:00:00Z",
    "advisory" : "RHSA-2026:16799",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "krb5-0:1.18.2-34.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-05-19T00:00:00Z",
    "advisory" : "RHSA-2026:19357",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "krb5-0:1.21.1-10.el9_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-05-19T00:00:00Z",
    "advisory" : "RHSA-2026:19357",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "krb5-0:1.21.1-10.el9_8"
  }, {
    "product_name" : "Red Hat Hardened Images",
    "release_date" : "2026-04-30T00:00:00Z",
    "advisory" : "RHSA-2026:12220",
    "cpe" : "cpe:/a:redhat:hummingbird:1",
    "package" : "krb5-main-1.22.2-7.hum1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Fix deferred",
    "package_name" : "krb5",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "krb5",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Fix deferred",
    "package_name" : "rhcos",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-40356\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-40356\nhttps://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html\nhttps://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f\nhttps://web.mit.edu/kerberos/advisories/" ],
  "name" : "CVE-2026-40356",
  "mitigation" : {
    "value" : "To mitigate this issue, ensure that the NegoEx mechanism is not registered in the `/etc/gss/mech` configuration file. Removing the corresponding entry from this file will prevent the vulnerable code path from being activated. This action may impact services that rely on the NegoEx GSS-API mechanism. A restart of affected Kerberos-dependent services may be required for the change to take effect.",
    "lang" : "en:us"
  },
  "csaw" : false
}
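Added example, not part of the Red Hat record or of MIT krb5: a Python check that compares the krb5-libs build reported by rpm with the fixed builds listed under affected_release above, and lists the mechanisms registered in mech-config text so the entry the mitigation refers to can be located. It assumes that krb5-libs is the binary package to check, that the `elN` dist tag in the release field identifies the product row in the advisory, and that mech-config lines carry at least a mechanism name, an OID and a shared-object path; the sample mechanism it parses is constructed and the helper names (`is_fixed`, `registered_mechs`) are the example's own.

```python
# Added example, not part of the Red Hat record or of MIT krb5. Given the EVR
# that `rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' krb5-libs` prints, decide
# whether the host already has the fixed build for its RHEL release, and list
# the mechanisms registered in mech-config text. Assumptions: krb5-libs is the
# binary package to check; the elN dist tag selects the advisory row.
import re

# Fixed builds from the advisory's affected_release list (epoch:version-release
# of the source package), keyed by RHEL major release.
FIXED_EVR = {"8": "0:1.18.2-34.el8_10", "9": "0:1.21.1-10.el9_8",
             "10": "0:1.21.3-10.el10_2"}


def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp(): 1 if a is newer, -1 if older, 0 if equal."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Skip separators: anything that is not alphanumeric, '~' or '^'.
        while i < len(a) and not a[i].isalnum() and a[i] not in "~^":
            i += 1
        while j < len(b) and not b[j].isalnum() and b[j] not in "~^":
            j += 1
        # '~' sorts before everything, even end of string (1.0~rc1 < 1.0).
        if a[i:i + 1] == "~" or b[j:j + 1] == "~":
            if a[i:i + 1] != "~":
                return 1
            if b[j:j + 1] != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        # '^' sorts after end of string but before any other segment.
        if a[i:i + 1] == "^" or b[j:j + 1] == "^":
            if i >= len(a) or j >= len(b):
                return -1 if i >= len(a) else 1
            if a[i] != "^" or b[j] != "^":
                return 1 if a[i] != "^" else -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        # One segment per side; a's segment type (digits or letters) decides.
        numeric = a[i].isdigit()
        pat = r"\d+" if numeric else r"[A-Za-z]+"
        sa, mb = re.match(pat, a[i:]).group(0), re.match(pat, b[j:])
        if mb is None:  # type mismatch: the numeric segment is the newer one
            return 1 if numeric else -1
        sb = mb.group(0)
        i, j = i + len(sa), j + len(sb)
        if numeric:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def split_evr(evr):
    """'[epoch:]version-release' -> (epoch, version, release); a missing epoch
    and rpm's '(none)' placeholder both mean 0."""
    epoch, rest = evr.split(":", 1) if ":" in evr else ("0", evr)
    version, _, release = rest.partition("-")
    return ("0" if epoch == "(none)" else epoch, version, release)


def evrcmp(a, b):
    """Compare epoch, then version, then release, each with rpmvercmp()."""
    for x, y in zip(split_evr(a), split_evr(b)):
        c = rpmvercmp(x, y)
        if c:
            return c
    return 0


def is_fixed(installed_evr):
    """True/False against the fixed build for the same RHEL major release; None
    when the advisory lists none (RHEL 6 and 7 are fix-deferred)."""
    m = re.search(r"\.el(\d+)", split_evr(installed_evr)[2])
    if m is None or m.group(1) not in FIXED_EVR:
        return None
    return evrcmp(installed_evr, FIXED_EVR[m.group(1)]) >= 0


def registered_mechs(conf_text):
    """Parse /etc/gss/mech-style text ('#' comments; at least name, OID and
    shared-object path per line) into (name, oid, path) triples."""
    mechs = []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            mechs.append((fields[0], fields[1], fields[2]))
    return mechs


# Constructed sample mech.d file; name, OID and path are made up.
SAMPLE_MECH_CONF = """\
# constructed /etc/gss/mech.d/example.conf
example_negoex_v1 1.3.6.1.4.1.99999.1 /usr/lib64/gssapi/libexample.so
"""
```

Usage: run `rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' krb5-libs` on the host and pass the output to `is_fixed()`; `None` means the advisory lists no fixed build for that release, so the configuration workaround in the mitigation is the only option. The comparison goes through a port of rpm's rpmvercmp rather than string comparison because `10.el9_8` sorts before `8.el9_6` lexically but after it as a package release. `registered_mechs()` only reports what is registered; whether a listed mechanism is NegoEx-capable has to be confirmed from that mechanism's own documentation.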