PT-2026-33850 · Glibc · Glibc

Rahul Hoysala · Published 2026-04-20 · Updated 2026-04-28 · CVE-2026-5358

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

glibc versions prior to 2.44

Description

The obsolete nis_local_principal() function may overflow a buffer in the data section. This allows an attacker to spoof a crafted response to a UDP request generated by this function and overwrite neighboring static data in the requesting application. NIS (Network Information Service) is a legacy system for distributing configuration data across a network.

Recommendations

Update to a version newer than 2.43. Port applications away from NIS to more modern identity and access management services.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2026-5358
ECHO-83A2-A00B-6C15

Affected Products

Glibc