CVE-2026-48829

Received Received - Intake

BaseFortify

Publication date: 2026-05-24

Last updated on: 2026-05-24

Assigner: MITRE

Description

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-05-24

Last Modified

2026-05-24

Generated

2026-05-26

EPSS Evaluated

N/A

NVD

CVE-2026-48829

EUVD

EUVD-2026-31562

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-476	The product dereferences a pointer that it expects to be valid but is NULL.

Attack-Flow Graph

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2026-48829

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

Ask Our AI Assistant

EPSS Chart