<Vulnerability name="CVE-2026-56766">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Important</ThreatSeverity>
    <PublicDate>2026-06-25T18:01:07</PublicDate>
    <Bugzilla id="2493128" url="https://bugzilla.redhat.com/show_bug.cgi?id=2493128" xml:lang="en:us">
hydra: Hydra: Remote Code Execution via NTLM Authentication Stack Buffer Overflow
    </Bugzilla>
    <CVSS3 status="draft">
        <CVSS3BaseScore>7.5</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-120</CWE>
    <Details xml:lang="en:us" source="Mitre">
Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an excessively long domain string, causing base64-encoded response data to overflow a 500-byte stack buffer by 18 to 330 bytes, enabling remote code execution on systems without stack protection.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in Hydra. A malicious server can exploit a stack buffer overflow vulnerability in the NTLM authentication modules by sending a specially crafted NTLM Type-2 challenge. This can lead to an overflow of a stack buffer, potentially enabling remote code execution on systems that lack stack protection.
    </Details>
    <Statement xml:lang="en:us">
An important security flaw in the Hydra tool lets a malicious server take control of your computer. For an attack to work, you must be tricked into actively connecting Hydra to the attacker's rigged server. The standard security features built into Red Hat systems act as a safety net, making it very difficult for attackers to actually exploit this issue.
    </Statement>
    <Mitigation xml:lang="en:us">
Ensure your system's built-in security features are active and up to date. These standard protections automatically look for memory errors, causing the application to safely shut down the moment it receives too much data, completely blocking any harmful commands from running.
    </Mitigation>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-56766
https://nvd.nist.gov/vuln/detail/CVE-2026-56766
https://github.com/vanhauser-thc/thc-hydra/commit/9cc84c20e75f5fef6bb1790bb9ada2afad2204e2
https://www.vulncheck.com/advisories/hydra-stack-buffer-overflow-in-ntlm-authentication-handler
    </References>
</Vulnerability>