CVE-2026-40355 | MIT Kerberos 5 up to 1.22.2 NegoEx Mechanism /etc/gss/mech gss_accept_sec_context null pointer dereference

Inserito da Angelo Barbosa | Apr 28, 2026 | CVE

A vulnerability categorized as problematic has been discovered in MIT Kerberos 5 up to 1.22.2. Affected by this vulnerability is the function gss_accept_sec_context of the file /etc/gss/mech of the component NegoEx Mechanism Handler. Executing a manipulation can lead to null pointer dereference.

This vulnerability is registered as CVE-2026-40355. It is possible to launch the attack remotely. No exploit is available.

It is advisable to upgrade the affected component.

CVE-2026-40355 | MIT Kerberos 5 up to 1.22.2 NegoEx Mechanism /etc/gss/mech gss_accept_sec_context null pointer dereference

Post correlati

CVE-2024-27298 | parse-server up to 6.4.x/7.0.0-alpha.19 on Node.js PostgreSQL sql injection (GHSA-6927-3vr9-fxf2)

CVE-2024-38144 | Microsoft unknown vulnerability

VDB-293907 | pankajindevops scale up to 20241113 API Endpoint access control

CVE-2024-26680 | Linux Kernel up to 6.1.77/6.6.16/6.7.4 atlantic kernel/dma/debug.c aq_ring_hwts_rx_alloc use after free