CVE-2026-12610
MediumCVSS 6.4Exploitation Probability (EPSS)
Low risk5th percentile — higher than 5% of all known CVEs
Summary
A use-after-free vulnerability was found in the SSSD (System Security Services Daemon) PAM component responsible for YubiKey authentication. The flaw is caused by improper memory pointer handling, which can lead to a crash. A local attacker could exploit this by manipulating smartcard or YubiKey contents.
Risk Assessment
This vulnerability allows a local attacker to perform a Denial of Service (DoS) attack, disrupting the authentication process. There is also a potential for privilege escalation, although it is difficult to exploit.
Recommendation
Update SSSD to the latest version containing the fix for the use-after-free vulnerability immediately. Until the update is applied, restrict physical access to workstations and monitor logs for unusual YubiKey authentication events.
Original NVD description (English source)
A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw by manipulating smartcard or YubiKey contents, leading to a denial of service that disrupts authentication. This vulnerability also presents a potential for privilege escalation, although it is difficult to exploit.

