Description
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from process memory. With the leaked key material, the attacker could forge arbitrary MUNGE credentials to impersonate any user (including root) to services that rely on MUNGE for authentication. The vulnerability allows a buffer overflow by sending a crafted message with an oversized address length field, corrupting munged's internal state and enabling extraction of the MAC subkey used for credential verification. This vulnerability is fixed in 0.5.18.
Published: 2026-02-10
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Credential forgery and impersonation
Action: Immediate Patch
AI Analysis

Impact

Munge, an authentication service issuing user credentials, contains a buffer overflow in the daemon munged when unpacking messages. The flaw lets a locally privileged attacker overflow a memory buffer by supplying an oversized address length field. This overflow corrupts munged's internal state and exposes the MAC subkey used for credential verification. With that key, the attacker can forge arbitrary credentials, potentially impersonating any user, including root, on any service that relies on Munge authentication. The weakness is a classic out‑of‑bounds write (CWE‑787).

Affected Systems

The vulnerability exists in Munge versions 0.5 to 0.5.17 on Linux platforms. Common affected distributions include Debian Linux 11.0 and openSUSE releases that ship the vulnerable packages. The manufacturer is dun, and the specific software is the Munge authentication daemon.

Risk and Exploitability

The CVSS score of 7.7 categorizes the issue as a high severity vulnerability, though the EPSS score of less than 1 percent indicates a low probability of exploitation in the wild. Munge is not listed in the CISA KEV catalog. Attacking this flaw requires local access; the attacker needs to establish a connection to munged and send the crafted payload. The exploit is relatively straightforward for a local attacker, but privileged or unprivileged local users may be able to gain the necessary access to communicate with the daemon.

Generated by OpenCVE AI on April 18, 2026 at 18:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Munge 0.5.18 or later, which removes the buffer overflow vulnerability.
  • Restrict access to the munge socket (munge.socket) by configuring stricter file permissions or using ACLs so that only trusted system users can communicate with the daemon.
  • Restart the munge service and monitor authentication logs for evidence of forged credentials; investigate and quarantine suspicious accounts or activity.

Generated by OpenCVE AI on April 18, 2026 at 18:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4477-1 munge security update
Debian DSA Debian DSA DSA-6129-1 munge security update
History

Wed, 25 Feb 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Debian
Debian debian Linux
CPEs cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Vendors & Products Debian
Debian debian Linux

Wed, 25 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Opensuse
Opensuse munge
CPEs cpe:2.3:a:opensuse:munge:*:*:*:*:*:*:*:*
Vendors & Products Opensuse
Opensuse munge

Tue, 17 Feb 2026 19:30:00 +0000

Type Values Removed Values Added
References

Thu, 12 Feb 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Tue, 10 Feb 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Dun
Dun munge
Vendors & Products Dun
Dun munge

Tue, 10 Feb 2026 21:30:00 +0000

Type Values Removed Values Added
References

Tue, 10 Feb 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 10 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
Description MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from process memory. With the leaked key material, the attacker could forge arbitrary MUNGE credentials to impersonate any user (including root) to services that rely on MUNGE for authentication. The vulnerability allows a buffer overflow by sending a crafted message with an oversized address length field, corrupting munged's internal state and enabling extraction of the MAC subkey used for credential verification. This vulnerability is fixed in 0.5.18.
Title MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L'}

Subscriptions

Debian Debian Linux
Dun Munge
Opensuse Munge
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-17T18:17:47.022Z

Reserved: 2026-02-02T18:21:42.486Z

Link: CVE-2026-25506

cve-icon Vulnrichment

Updated: 2026-02-17T18:17:47.022Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-10T19:16:03.720

Modified: 2026-02-25T17:39:03.170

Link: CVE-2026-25506

cve-icon Redhat

Severity : Important

Publid Date: 2026-02-10T18:55:57Z

Links: CVE-2026-25506 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T18:15:06Z

Weaknesses