Description
In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.
Published: 2026-04-28
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Unauthenticated Denial of Service
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a NULL pointer dereference that occurs when an application invokes gss_accept_sec_context() on a Kerberos 5 system with a NegoEx mechanism registered in /etc/gss/mech. The flaw causes the process to crash during parse_nego_message, resulting in a denial of service for the affected service. The weakness is classified as CWE‑476 and does not provide code execution or data exfiltration capabilities. The impact is limited to service disruption.

Affected Systems

MIT Kerberos 5 (krb5) versions prior to 1.22.3 are affected. Systems that have a NegoEx mechanism registered in /etc/gss/mech are susceptible. The issue occurs on any platform running the affected Kerberos 5 implementation.

Risk and Exploitability

The CVSS base score of 5.9 indicates moderate severity. EPSS information is not available, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an unauthenticated remote attacker can trigger the flaw by sending crafted network traffic that causes a Kerberos client or server to call gss_accept_sec_context() with the vulnerable NegoEx mechanism. Because the vulnerability does not require authentication, the attack vector likely involves remote network interaction, making it potentially exploitable against exposed Kerberos services.

Generated by OpenCVE AI on April 28, 2026 at 12:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Kerberos 5 to version 1.22.3 or later, which contains the fixed implementation of gss_accept_sec_context().
  • If an upgrade is not immediately possible, remove or disable the NegoEx mechanism entry from /etc/gss/mech so that the vulnerable code path is no longer exercised.
  • Restart Kerberos services to ensure the changes take effect and monitor system logs for any unexpected terminations.

Generated by OpenCVE AI on April 28, 2026 at 12:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 28 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Title krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism
References
Metrics threat_severity

None

 threat_severity

Moderate

Tue, 28 Apr 2026 05:30:00 +0000

Type Values Removed Values Added
Description In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.
First Time appeared Mit
Mit kerberos 5
Weaknesses CWE-476
CPEs cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
Vendors & Products Mit
Mit kerberos 5
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Mit Kerberos 5
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-28T12:53:20.352Z

Reserved: 2026-04-11T00:00:00.000Z

Link: CVE-2026-40355

cve-icon Vulnrichment

Updated: 2026-04-28T12:53:09.871Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-28T06:16:03.663

Modified: 2026-04-28T20:11:56.713

Link: CVE-2026-40355

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-28T00:00:00Z

Links: CVE-2026-40355 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T12:45:31Z

Weaknesses