PT-2026-35666 · Mit+1 · Mit Kerberos 5+1

Cem Onat Karagun

Published

2026-04-28

Updated

2026-05-27

CVE-2026-40356

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions MIT Kerberos 5 versions prior to 1.22.3

Description An integer underflow leads to an out-of-bounds read when an application calls the gss accept sec context() function on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this issue, which may cause the process to terminate in parse message(). An integer underflow occurs when a subtraction results in a value smaller than the minimum representable value for that data type, often wrapping around to a very large positive number.

Recommendations Update to version 1.22.3 or later.

Fix

DoS

Integer Underflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-191

Related Identifiers

ALSA-2026:16799

ALSA-2026:19145

ALSA-2026:19357

CVE-2026-40356

ECHO-874C-29E0-D62B

OESA-2026-2257

OPENSUSE-SU-2026:10729-1

RHSA-2026:19145

RHSA-2026:19357

Affected Products

Mit Kerberos 5

Rocky Linux

PT-2026-35666 · Mit+1 · Mit Kerberos 5+1

CVE-2026-40356

Weakness Enumeration

Related Identifiers

Affected Products

References · 39