{
  "threat_severity" : "Moderate",
  "public_date" : "2026-04-28T00:00:00Z",
  "bugzilla" : {
    "description" : "krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read",
    "id" : "2463368",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2463368"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.9",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-191",
  "details" : [ "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.", "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit an integer underflow and an out-of-bounds read vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the process terminating, resulting in a Denial of Service (DoS)." ],
  "statement" : "This Moderate impact denial of service flaw in MIT Kerberos 5 (krb5) allows an unauthenticated remote attacker to trigger an integer underflow and a resulting out-of-bounds read in the NegoEx message parser, which can terminate the accepting process. Only systems where a NegoEx mechanism is registered in `/etc/gss/mech` and an application accepts security contexts via `gss_accept_sec_context()` are exposed; confidentiality and integrity are not affected. While Kerberos is a fundamental service, the prerequisite of a registered NegoEx mechanism limits the attack surface, which is reflected in the Moderate rating.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-05-19T00:00:00Z",
    "advisory" : "RHSA-2026:19145",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.2",
    "package" : "krb5-0:1.21.3-10.el10_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-05-13T00:00:00Z",
    "advisory" : "RHSA-2026:16799",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "krb5-0:1.18.2-34.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-05-19T00:00:00Z",
    "advisory" : "RHSA-2026:19357",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "krb5-0:1.21.1-10.el9_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-05-19T00:00:00Z",
    "advisory" : "RHSA-2026:19357",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "krb5-0:1.21.1-10.el9_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-06-09T00:00:00Z",
    "advisory" : "RHSA-2026:24685",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "krb5-0:1.20.1-9.el9_2.6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions",
    "release_date" : "2026-06-09T00:00:00Z",
    "advisory" : "RHSA-2026:24686",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.4",
    "package" : "krb5-0:1.21.1-2.el9_4.5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-06-09T00:00:00Z",
    "advisory" : "RHSA-2026:24683",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "krb5-0:1.21.1-8.el9_6.2"
  }, {
    "product_name" : "Red Hat Hardened Images",
    "release_date" : "2026-04-30T00:00:00Z",
    "advisory" : "RHSA-2026:12220",
    "cpe" : "cpe:/a:redhat:hummingbird:1",
    "package" : "krb5-main-1.22.2-7.hum1"
  }, {
    "product_name" : "Red Hat Insights proxy 1.5",
    "release_date" : "2026-06-02T00:00:00Z",
    "advisory" : "RHSA-2026:22634",
    "cpe" : "cpe:/a:redhat:insights_proxy:1.5::el9",
    "package" : "insights-proxy/insights-proxy-container-rhel9:1780420428"
  }, {
    "product_name" : "Red Hat Update Infrastructure 5",
    "release_date" : "2026-05-27T00:00:00Z",
    "advisory" : "RHSA-2026:21275",
    "cpe" : "cpe:/a:redhat:rhui:5::el9",
    "package" : "rhui5/cds-rhel9:1779798159"
  }, {
    "product_name" : "Red Hat Update Infrastructure 5",
    "release_date" : "2026-05-27T00:00:00Z",
    "advisory" : "RHSA-2026:21275",
    "cpe" : "cpe:/a:redhat:rhui:5::el9",
    "package" : "rhui5/haproxy-rhel9:1779798164"
  }, {
    "product_name" : "Red Hat Update Infrastructure 5",
    "release_date" : "2026-05-27T00:00:00Z",
    "advisory" : "RHSA-2026:21275",
    "cpe" : "cpe:/a:redhat:rhui:5::el9",
    "package" : "rhui5/installer-rhel9:1779798165"
  }, {
    "product_name" : "Red Hat Update Infrastructure 5",
    "release_date" : "2026-05-27T00:00:00Z",
    "advisory" : "RHSA-2026:21275",
    "cpe" : "cpe:/a:redhat:rhui:5::el9",
    "package" : "rhui5/rhua-rhel9:1779798222"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Fix deferred",
    "package_name" : "krb5",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "krb5",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Fix deferred",
    "package_name" : "rhcos",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-40356\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-40356\nhttps://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html\nhttps://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f\nhttps://web.mit.edu/kerberos/advisories/" ],
  "name" : "CVE-2026-40356",
  "mitigation" : {
    "value" : "Until the fixed packages can be installed, ensure that no NegoEx mechanism is registered in the `/etc/gss/mech` configuration file (or in `/etc/gss/mech.d/*.conf`, if that directory is used). Removing the corresponding entry prevents the vulnerable NegoEx code path in `gss_accept_sec_context()` from being reached. This will break any service that relies on the NegoEx GSS-API mechanism, so confirm that nothing depends on it before removing the entry. Because the mechanism list is read when a process first initializes GSS-API, running Kerberos-dependent services must be restarted for the change to take effect.",
    "lang" : "en:us"
  },
  "csaw" : false
}