CVE-2026-40355
MediumCVSS 5.9Exploitation Probability (EPSS)
Low risk39th percentile - higher than 39% of all known CVEs
Summary
In MIT Kerberos 5 (krb5) before version 1.22.3, there is a NULL pointer dereference when an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.
Risk Assessment
An attacker can remotely crash services using GSS-API, leading to application disruption and potential denial of service (DoS).
Recommendation
Immediately upgrade MIT Kerberos 5 to version 1.22.3 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.

