CVE Catalog

CVE-2026-9742

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.37%

29th percentile - higher than 29% of all known CVEs

Summary

When OIDC authentication is enabled, clients may set specific values in the 'mechanism' parameter of the 'authenticate' command that lead to server crash. The 'authenticate' command is accessible to unauthenticated clients, resulting in pre-auth denial-of-service in affected product configurations.

Risk Assessment

The organization may experience service downtime, which can lead to loss of user trust and potential financial losses.

Recommendation

It is recommended to block access to the 'authenticate' command for unauthenticated clients and to monitor OIDC configurations to prevent such attacks.

Original NVD description (English source)

When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product configurations.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS