Red Hat: CVE-2026-40355: krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism (Multiple Advisories)
| Severity | CVSS v2 vector | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:N/I:N/A:C) | Apr 28, 2026 | May 13, 2026 | May 20, 2026 |
Description
In MIT Kerberos 5 (aka krb5) before 1.22.3, gss_accept_sec_context() dereferences a NULL pointer when the accepting system has a NegoEx mechanism registered in /etc/gss/mech. Any unauthenticated remote peer that reaches the acceptor can trigger the fault, terminating the accepting process in parse_nego_message; the impact is availability only (C:N/I:N/A:C).
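A quick exposure triage for this advisory, as an added example (not code from Rapid7, Red Hat, or the krb5 project): it encodes the two conditions the description gives, an unpatched krb5 and a NegoEx mechanism registered in /etc/gss/mech, and combines them into one verdict. The field layout assumed for the mech file (name, OID, library path, then optional kernel-module, <options> and type fields) and the sample entries, names and OIDs are assumptions, not taken from the advisory.

```python
"""Exposure triage for CVE-2026-40355 (krb5 NegoEx NULL dereference).

Added example, not part of the Rapid7/Red Hat advisory or the krb5 project.
It encodes the two conditions the advisory text gives: an unpatched krb5
and a NegoEx mechanism registered in /etc/gss/mech.
"""
import re

# Upstream fix version from the advisory text ("before 1.22.3").
FIXED_UPSTREAM = (1, 22, 3)

# Constructed sample of an /etc/gss/mech file. Assumed layout:
# name oid path [kmodule] [<options>] [type]; names and OIDs are hypothetical.
SAMPLE_MECH = """\
# constructed sample mech file
example_plain  1.3.6.1.4.1.99999.1  /usr/lib64/gssapi/libexample_plain.so
example_negoex 1.3.6.1.4.1.99999.2  /usr/lib64/gssapi/libexample_negoex.so negoex
"""


def parse_version(ver):
    """'1.21.1-6.el9' -> (1, 21, 1); missing components pad to zero."""
    upstream = ver.split("-", 1)[0]
    parts = [int(p) for p in re.findall(r"\d+", upstream)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def upstream_vulnerable(ver):
    """True when the upstream version is below the 1.22.3 fix.

    Caveat: distribution builds such as Red Hat's backport fixes without
    bumping the upstream version, so for those compare the installed
    package against the errata's fixed release rather than trusting this.
    """
    return parse_version(ver) < FIXED_UPSTREAM


def negoex_mechs(mech_text):
    """Return names of mechanisms whose entry carries a 'negoex' type field.

    Assumed line layout: name, OID, shared library path, then optional
    fields (kernel module, <options>, type). Any field after the path that
    equals 'negoex' (case-insensitive) marks a NegoEx mechanism.
    """
    found = []
    for line in mech_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed: needs at least name, oid, path
        name, extra = fields[0], fields[3:]
        if any(f.lower() == "negoex" for f in extra):
            found.append(name)
    return found


def triage(version, mech_text):
    """Combine both advisory conditions into one exposure verdict."""
    mechs = negoex_mechs(mech_text)
    vuln = upstream_vulnerable(version)
    return {
        "upstream_vulnerable": vuln,
        "negoex_mechs": mechs,
        # The crash path needs both: unpatched code and a NegoEx mechanism.
        "exposed": vuln and bool(mechs),
    }


if __name__ == "__main__":
    import sys
    ver = sys.argv[1] if len(sys.argv) > 1 else "1.21.1"
    print(triage(ver, SAMPLE_MECH))
```

Run it with the installed krb5-libs version string (for example the output of `rpm -q --qf '%{VERSION}-%{RELEASE}' krb5-libs`) and the contents of /etc/gss/mech; krb5 also reads /etc/gss/mech.d/*.conf, so concatenate those files into the same input. On Red Hat builds the version test is only a hint because of backporting: the authoritative check is whether the packages listed under Solutions are installed at the errata's release.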
Solutions
- redhat-upgrade-krb5-debuginfo
- redhat-upgrade-krb5-debugsource
- redhat-upgrade-krb5-devel
- redhat-upgrade-krb5-devel-debuginfo
- redhat-upgrade-krb5-libs
- redhat-upgrade-krb5-libs-debuginfo
- redhat-upgrade-krb5-pkinit
- redhat-upgrade-krb5-pkinit-debuginfo
- redhat-upgrade-krb5-server
- redhat-upgrade-krb5-server-debuginfo
- redhat-upgrade-krb5-server-ldap
- redhat-upgrade-krb5-server-ldap-debuginfo
- redhat-upgrade-krb5-workstation
- redhat-upgrade-krb5-workstation-debuginfo
- redhat-upgrade-krb5-xrealmauthz
- redhat-upgrade-krb5-xrealmauthz-debuginfo
- redhat-upgrade-libkadm5
- redhat-upgrade-libkadm5-debuginfo