CVE-2026-40356
Integer Underflow in MIT Kerberos 5 gss_accept_sec_context Causes Crash
Publication date: 2026-04-28
Last updated on: 2026-04-28
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mit | kerberos | to 1.22.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-191 | The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in MIT Kerberos 5 versions before 1.22.3. It involves an integer underflow and an out-of-bounds read that occurs when an application calls the function gss_accept_sec_context() on a system where a NegoEx mechanism is registered in /etc/gss/mech. An unauthenticated remote attacker can exploit this flaw, potentially causing the affected process to terminate unexpectedly during the parse_message operation.
How can this vulnerability impact me? :
The primary impact of this vulnerability is that an unauthenticated remote attacker can cause the affected process to terminate unexpectedly, leading to a denial of service (DoS) condition. This could disrupt services relying on MIT Kerberos 5 authentication mechanisms.