CVE-2026-9742
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk29th percentile - higher than 29% of all known CVEs
Summary
When OIDC authentication is enabled, clients may set specific values in the 'mechanism' parameter of the 'authenticate' command that lead to server crash. The 'authenticate' command is accessible to unauthenticated clients, resulting in pre-auth denial-of-service in affected product configurations.
Risk Assessment
The organization may experience service downtime, which can lead to loss of user trust and potential financial losses.
Recommendation
It is recommended to block access to the 'authenticate' command for unauthenticated clients and to monitor OIDC configurations to prevent such attacks.
Original NVD description (English source)
When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product configurations.

