CVE-2026-48829

Deferred Deferred - Pending Action

BaseFortify

Publication date: 2026-05-24

Last updated on: 2026-06-05

Assigner: MITRE

Description

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-05-24

Last Modified

2026-06-05

Generated

2026-06-15

EPSS Evaluated

2026-06-14

NVD

CVE-2026-48829

EUVD

EUVD-2026-31562

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-476	The product dereferences a pointer that it expects to be valid but is NULL.

Attack-Flow Graph

AI Quick Actions have not been generated yet.

Hi! I’m here to help you understand CVE-2026-48829. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2026-48829

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart