Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-40356 (GCVE-0-2026-40356)
Vulnerability from cvelistv5 – Published: 2026-04-28 00:00 – Updated: 2026-04-28 13:10
VLAI
EPSS
Summary
In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MIT | Kerberos 5 |
Affected:
1.18 , < 1.22.3
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40356",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-28T13:10:05.740836Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T13:10:24.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Kerberos 5",
"vendor": "MIT",
"versions": [
{
"lessThan": "1.22.3",
"status": "affected",
"version": "1.18",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.22.3",
"versionStartIncluding": "1.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T05:23:13.610Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://web.mit.edu/kerberos/advisories/"
},
{
"url": "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html"
},
{
"url": "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-40356",
"datePublished": "2026-04-28T00:00:00.000Z",
"dateReserved": "2026-04-11T00:00:00.000Z",
"dateUpdated": "2026-04-28T13:10:24.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-40356",
"date": "2026-06-29",
"epss": "0.0046",
"percentile": "0.36558"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-40356\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2026-04-28T07:16:03.197\",\"lastModified\":\"2026-06-17T10:45:10.547\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.\"}],\"affected\":[{\"source\":\"cve@mitre.org\",\"affectedData\":[{\"vendor\":\"MIT\",\"product\":\"Kerberos 5\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"1.18\",\"lessThan\":\"1.22.3\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-04-28T13:10:05.740836Z\",\"id\":\"CVE-2026-40356\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-191\"}]}],\"references\":[{\"url\":\"https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://web.mit.edu/kerberos/advisories/\",\"source\":\"cve@mitre.org\"}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unaffected\", \"product\": \"Kerberos 5\", \"vendor\": \"MIT\", \"versions\": [{\"lessThan\": \"1.22.3\", \"status\": \"affected\", \"version\": \"1.18\", \"versionType\": \"custom\"}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"version\": \"3.1\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-191\", \"description\": \"CWE-191 Integer Underflow (Wrap or Wraparound)\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2026-04-28T05:23:13.610Z\"}, \"references\": [{\"url\": \"https://web.mit.edu/kerberos/advisories/\"}, {\"url\": \"https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html\"}, {\"url\": \"https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f\"}], \"x_generator\": {\"engine\": \"enrichogram 0.0.1\"}, \"cpeApplicability\": [{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.18\", \"versionEndExcluding\": \"1.22.3\"}]}]}]}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-40356\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-28T13:10:05.740836Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-28T13:10:18.299Z\"}}]}",
"cveMetadata": "{\"state\": \"PUBLISHED\", \"cveId\": \"CVE-2026-40356\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"assignerShortName\": \"mitre\", \"dateUpdated\": \"2026-04-28T13:10:24.842Z\", \"dateReserved\": \"2026-04-11T00:00:00.000Z\", \"datePublished\": \"2026-04-28T00:00:00.000Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2026:21618-1
Vulnerability from csaf_suse - Published: 2026-05-09 16:16 - Updated: 2026-05-09 16:16Summary
Security update for krb5
Severity
Moderate
Notes
Title of the patch: Security update for krb5
Description of the patch: This update for krb5 fixes the following issues
- CVE-2026-40355: Denial of Service via NULL pointer dereference in NegoEx mechanism (bsc#1263366).
- CVE-2026-40356: Denial of Service via integer underflow and out-of-bounds read (bsc#1263367).
Patchnames: SUSE-SLE-Micro-6.0-701
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:krb5-1.20.1-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:krb5-1.20.1-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:krb5-1.20.1-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:krb5-client-1.20.1-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:krb5-client-1.20.1-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:krb5-client-1.20.1-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:krb5-1.20.1-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:krb5-1.20.1-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:krb5-1.20.1-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:krb5-client-1.20.1-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:krb5-client-1.20.1-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:krb5-client-1.20.1-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for krb5",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for krb5 fixes the following issues\n\n- CVE-2026-40355: Denial of Service via NULL pointer dereference in NegoEx mechanism (bsc#1263366).\n- CVE-2026-40356: Denial of Service via integer underflow and out-of-bounds read (bsc#1263367).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-701",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21618-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21618-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621618-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21618-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-May/046496.html"
},
{
"category": "self",
"summary": "SUSE Bug 1263366",
"url": "https://bugzilla.suse.com/1263366"
},
{
"category": "self",
"summary": "SUSE Bug 1263367",
"url": "https://bugzilla.suse.com/1263367"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-40355 page",
"url": "https://www.suse.com/security/cve/CVE-2026-40355/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-40356 page",
"url": "https://www.suse.com/security/cve/CVE-2026-40356/"
}
],
"title": "Security update for krb5",
"tracking": {
"current_release_date": "2026-05-09T16:16:13Z",
"generator": {
"date": "2026-05-09T16:16:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21618-1",
"initial_release_date": "2026-05-09T16:16:13Z",
"revision_history": [
{
"date": "2026-05-09T16:16:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "krb5-1.20.1-8.1.aarch64",
"product": {
"name": "krb5-1.20.1-8.1.aarch64",
"product_id": "krb5-1.20.1-8.1.aarch64"
}
},
{
"category": "product_version",
"name": "krb5-client-1.20.1-8.1.aarch64",
"product": {
"name": "krb5-client-1.20.1-8.1.aarch64",
"product_id": "krb5-client-1.20.1-8.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-1.20.1-8.1.s390x",
"product": {
"name": "krb5-1.20.1-8.1.s390x",
"product_id": "krb5-1.20.1-8.1.s390x"
}
},
{
"category": "product_version",
"name": "krb5-client-1.20.1-8.1.s390x",
"product": {
"name": "krb5-client-1.20.1-8.1.s390x",
"product_id": "krb5-client-1.20.1-8.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-1.20.1-8.1.x86_64",
"product": {
"name": "krb5-1.20.1-8.1.x86_64",
"product_id": "krb5-1.20.1-8.1.x86_64"
}
},
{
"category": "product_version",
"name": "krb5-client-1.20.1-8.1.x86_64",
"product": {
"name": "krb5-client-1.20.1-8.1.x86_64",
"product_id": "krb5-client-1.20.1-8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-1.20.1-8.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:krb5-1.20.1-8.1.aarch64"
},
"product_reference": "krb5-1.20.1-8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-1.20.1-8.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:krb5-1.20.1-8.1.s390x"
},
"product_reference": "krb5-1.20.1-8.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-1.20.1-8.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:krb5-1.20.1-8.1.x86_64"
},
"product_reference": "krb5-1.20.1-8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-client-1.20.1-8.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:krb5-client-1.20.1-8.1.aarch64"
},
"product_reference": "krb5-client-1.20.1-8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-client-1.20.1-8.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:krb5-client-1.20.1-8.1.s390x"
},
"product_reference": "krb5-client-1.20.1-8.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-client-1.20.1-8.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:krb5-client-1.20.1-8.1.x86_64"
},
"product_reference": "krb5-client-1.20.1-8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-40355",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-40355"
}
],
"notes": [
{
"category": "general",
"text": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:krb5-1.20.1-8.1.aarch64",
"SUSE Linux Micro 6.0:krb5-1.20.1-8.1.s390x",
"SUSE Linux Micro 6.0:krb5-1.20.1-8.1.x86_64",
"SUSE Linux Micro 6.0:krb5-client-1.20.1-8.1.aarch64",
"SUSE Linux Micro 6.0:krb5-client-1.20.1-8.1.s390x",
"SUSE Linux Micro 6.0:krb5-client-1.20.1-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-40355",
"url": "https://www.suse.com/security/cve/CVE-2026-40355"
},
{
"category": "external",
"summary": "SUSE Bug 1263366 for CVE-2026-40355",
"url": "https://bugzilla.suse.com/1263366"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:krb5-1.20.1-8.1.aarch64",
"SUSE Linux Micro 6.0:krb5-1.20.1-8.1.s390x",
"SUSE Linux Micro 6.0:krb5-1.20.1-8.1.x86_64",
"SUSE Linux Micro 6.0:krb5-client-1.20.1-8.1.aarch64",
"SUSE Linux Micro 6.0:krb5-client-1.20.1-8.1.s390x",
"SUSE Linux Micro 6.0:krb5-client-1.20.1-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:krb5-1.20.1-8.1.aarch64",
"SUSE Linux Micro 6.0:krb5-1.20.1-8.1.s390x",
"SUSE Linux Micro 6.0:krb5-1.20.1-8.1.x86_64",
"SUSE Linux Micro 6.0:krb5-client-1.20.1-8.1.aarch64",
"SUSE Linux Micro 6.0:krb5-client-1.20.1-8.1.s390x",
"SUSE Linux Micro 6.0:krb5-client-1.20.1-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-09T16:16:13Z",
"details": "moderate"
}
],
"title": "CVE-2026-40355"
},
{
"cve": "CVE-2026-40356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-40356"
}
],
"notes": [
{
"category": "general",
"text": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:krb5-1.20.1-8.1.aarch64",
"SUSE Linux Micro 6.0:krb5-1.20.1-8.1.s390x",
"SUSE Linux Micro 6.0:krb5-1.20.1-8.1.x86_64",
"SUSE Linux Micro 6.0:krb5-client-1.20.1-8.1.aarch64",
"SUSE Linux Micro 6.0:krb5-client-1.20.1-8.1.s390x",
"SUSE Linux Micro 6.0:krb5-client-1.20.1-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-40356",
"url": "https://www.suse.com/security/cve/CVE-2026-40356"
},
{
"category": "external",
"summary": "SUSE Bug 1263367 for CVE-2026-40356",
"url": "https://bugzilla.suse.com/1263367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:krb5-1.20.1-8.1.aarch64",
"SUSE Linux Micro 6.0:krb5-1.20.1-8.1.s390x",
"SUSE Linux Micro 6.0:krb5-1.20.1-8.1.x86_64",
"SUSE Linux Micro 6.0:krb5-client-1.20.1-8.1.aarch64",
"SUSE Linux Micro 6.0:krb5-client-1.20.1-8.1.s390x",
"SUSE Linux Micro 6.0:krb5-client-1.20.1-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:krb5-1.20.1-8.1.aarch64",
"SUSE Linux Micro 6.0:krb5-1.20.1-8.1.s390x",
"SUSE Linux Micro 6.0:krb5-1.20.1-8.1.x86_64",
"SUSE Linux Micro 6.0:krb5-client-1.20.1-8.1.aarch64",
"SUSE Linux Micro 6.0:krb5-client-1.20.1-8.1.s390x",
"SUSE Linux Micro 6.0:krb5-client-1.20.1-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-09T16:16:13Z",
"details": "moderate"
}
],
"title": "CVE-2026-40356"
}
]
}
SUSE-SU-2026:21629-1
Vulnerability from csaf_suse - Published: 2026-05-09 15:46 - Updated: 2026-05-09 15:46Summary
Security update for krb5
Severity
Moderate
Notes
Title of the patch: Security update for krb5
Description of the patch: This update for krb5 fixes the following issues
- CVE-2026-40355: Denial of Service via NULL pointer dereference in NegoEx mechanism (bsc#1263366).
- CVE-2026-40356: Denial of Service via integer underflow and out-of-bounds read (bsc#1263367).
Patchnames: SUSE-SLE-Micro-6.1-522
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for krb5",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for krb5 fixes the following issues\n\n- CVE-2026-40355: Denial of Service via NULL pointer dereference in NegoEx mechanism (bsc#1263366).\n- CVE-2026-40356: Denial of Service via integer underflow and out-of-bounds read (bsc#1263367).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-522",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21629-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21629-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621629-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21629-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-May/046485.html"
},
{
"category": "self",
"summary": "SUSE Bug 1263366",
"url": "https://bugzilla.suse.com/1263366"
},
{
"category": "self",
"summary": "SUSE Bug 1263367",
"url": "https://bugzilla.suse.com/1263367"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-40355 page",
"url": "https://www.suse.com/security/cve/CVE-2026-40355/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-40356 page",
"url": "https://www.suse.com/security/cve/CVE-2026-40356/"
}
],
"title": "Security update for krb5",
"tracking": {
"current_release_date": "2026-05-09T15:46:13Z",
"generator": {
"date": "2026-05-09T15:46:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21629-1",
"initial_release_date": "2026-05-09T15:46:13Z",
"revision_history": [
{
"date": "2026-05-09T15:46:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "krb5-1.21.3-slfo.1.1_4.1.aarch64",
"product": {
"name": "krb5-1.21.3-slfo.1.1_4.1.aarch64",
"product_id": "krb5-1.21.3-slfo.1.1_4.1.aarch64"
}
},
{
"category": "product_version",
"name": "krb5-client-1.21.3-slfo.1.1_4.1.aarch64",
"product": {
"name": "krb5-client-1.21.3-slfo.1.1_4.1.aarch64",
"product_id": "krb5-client-1.21.3-slfo.1.1_4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-1.21.3-slfo.1.1_4.1.ppc64le",
"product": {
"name": "krb5-1.21.3-slfo.1.1_4.1.ppc64le",
"product_id": "krb5-1.21.3-slfo.1.1_4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "krb5-client-1.21.3-slfo.1.1_4.1.ppc64le",
"product": {
"name": "krb5-client-1.21.3-slfo.1.1_4.1.ppc64le",
"product_id": "krb5-client-1.21.3-slfo.1.1_4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-1.21.3-slfo.1.1_4.1.s390x",
"product": {
"name": "krb5-1.21.3-slfo.1.1_4.1.s390x",
"product_id": "krb5-1.21.3-slfo.1.1_4.1.s390x"
}
},
{
"category": "product_version",
"name": "krb5-client-1.21.3-slfo.1.1_4.1.s390x",
"product": {
"name": "krb5-client-1.21.3-slfo.1.1_4.1.s390x",
"product_id": "krb5-client-1.21.3-slfo.1.1_4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-1.21.3-slfo.1.1_4.1.x86_64",
"product": {
"name": "krb5-1.21.3-slfo.1.1_4.1.x86_64",
"product_id": "krb5-1.21.3-slfo.1.1_4.1.x86_64"
}
},
{
"category": "product_version",
"name": "krb5-client-1.21.3-slfo.1.1_4.1.x86_64",
"product": {
"name": "krb5-client-1.21.3-slfo.1.1_4.1.x86_64",
"product_id": "krb5-client-1.21.3-slfo.1.1_4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-1.21.3-slfo.1.1_4.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.aarch64"
},
"product_reference": "krb5-1.21.3-slfo.1.1_4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-1.21.3-slfo.1.1_4.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.ppc64le"
},
"product_reference": "krb5-1.21.3-slfo.1.1_4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-1.21.3-slfo.1.1_4.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.s390x"
},
"product_reference": "krb5-1.21.3-slfo.1.1_4.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-1.21.3-slfo.1.1_4.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.x86_64"
},
"product_reference": "krb5-1.21.3-slfo.1.1_4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-client-1.21.3-slfo.1.1_4.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.aarch64"
},
"product_reference": "krb5-client-1.21.3-slfo.1.1_4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-client-1.21.3-slfo.1.1_4.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.ppc64le"
},
"product_reference": "krb5-client-1.21.3-slfo.1.1_4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-client-1.21.3-slfo.1.1_4.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.s390x"
},
"product_reference": "krb5-client-1.21.3-slfo.1.1_4.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-client-1.21.3-slfo.1.1_4.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.x86_64"
},
"product_reference": "krb5-client-1.21.3-slfo.1.1_4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-40355",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-40355"
}
],
"notes": [
{
"category": "general",
"text": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-40355",
"url": "https://www.suse.com/security/cve/CVE-2026-40355"
},
{
"category": "external",
"summary": "SUSE Bug 1263366 for CVE-2026-40355",
"url": "https://bugzilla.suse.com/1263366"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-09T15:46:13Z",
"details": "moderate"
}
],
"title": "CVE-2026-40355"
},
{
"cve": "CVE-2026-40356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-40356"
}
],
"notes": [
{
"category": "general",
"text": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-40356",
"url": "https://www.suse.com/security/cve/CVE-2026-40356"
},
{
"category": "external",
"summary": "SUSE Bug 1263367 for CVE-2026-40356",
"url": "https://bugzilla.suse.com/1263367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:krb5-1.21.3-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:krb5-client-1.21.3-slfo.1.1_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-09T15:46:13Z",
"details": "moderate"
}
],
"title": "CVE-2026-40356"
}
]
}
SUSE-SU-2026:2449-1
Vulnerability from csaf_suse - Published: 2026-06-18 12:52 - Updated: 2026-06-18 12:52Summary
Security update for krb5
Severity
Moderate
Notes
Title of the patch: Security update for krb5
Description of the patch: This update for krb5 fixes the following issues
Patchnames: SUSE-2026-2449,SUSE-SLE-Micro-5.3-2026-2449,SUSE-SLE-Micro-5.4-2026-2449
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for krb5",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for krb5 fixes the following issues\n\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2449,SUSE-SLE-Micro-5.3-2026-2449,SUSE-SLE-Micro-5.4-2026-2449",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2449-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2449-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262449-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2449-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026837.html"
},
{
"category": "self",
"summary": "SUSE Bug 1263366",
"url": "https://bugzilla.suse.com/1263366"
},
{
"category": "self",
"summary": "SUSE Bug 1263367",
"url": "https://bugzilla.suse.com/1263367"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-40355 page",
"url": "https://www.suse.com/security/cve/CVE-2026-40355/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-40356 page",
"url": "https://www.suse.com/security/cve/CVE-2026-40356/"
}
],
"title": "Security update for krb5",
"tracking": {
"current_release_date": "2026-06-18T12:52:16Z",
"generator": {
"date": "2026-06-18T12:52:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2449-1",
"initial_release_date": "2026-06-18T12:52:16Z",
"revision_history": [
{
"date": "2026-06-18T12:52:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "krb5-1.19.2-150400.3.21.1.aarch64",
"product": {
"name": "krb5-1.19.2-150400.3.21.1.aarch64",
"product_id": "krb5-1.19.2-150400.3.21.1.aarch64"
}
},
{
"category": "product_version",
"name": "krb5-client-1.19.2-150400.3.21.1.aarch64",
"product": {
"name": "krb5-client-1.19.2-150400.3.21.1.aarch64",
"product_id": "krb5-client-1.19.2-150400.3.21.1.aarch64"
}
},
{
"category": "product_version",
"name": "krb5-devel-1.19.2-150400.3.21.1.aarch64",
"product": {
"name": "krb5-devel-1.19.2-150400.3.21.1.aarch64",
"product_id": "krb5-devel-1.19.2-150400.3.21.1.aarch64"
}
},
{
"category": "product_version",
"name": "krb5-mini-1.19.2-150400.3.21.1.aarch64",
"product": {
"name": "krb5-mini-1.19.2-150400.3.21.1.aarch64",
"product_id": "krb5-mini-1.19.2-150400.3.21.1.aarch64"
}
},
{
"category": "product_version",
"name": "krb5-mini-devel-1.19.2-150400.3.21.1.aarch64",
"product": {
"name": "krb5-mini-devel-1.19.2-150400.3.21.1.aarch64",
"product_id": "krb5-mini-devel-1.19.2-150400.3.21.1.aarch64"
}
},
{
"category": "product_version",
"name": "krb5-plugin-kdb-ldap-1.19.2-150400.3.21.1.aarch64",
"product": {
"name": "krb5-plugin-kdb-ldap-1.19.2-150400.3.21.1.aarch64",
"product_id": "krb5-plugin-kdb-ldap-1.19.2-150400.3.21.1.aarch64"
}
},
{
"category": "product_version",
"name": "krb5-plugin-preauth-otp-1.19.2-150400.3.21.1.aarch64",
"product": {
"name": "krb5-plugin-preauth-otp-1.19.2-150400.3.21.1.aarch64",
"product_id": "krb5-plugin-preauth-otp-1.19.2-150400.3.21.1.aarch64"
}
},
{
"category": "product_version",
"name": "krb5-plugin-preauth-pkinit-1.19.2-150400.3.21.1.aarch64",
"product": {
"name": "krb5-plugin-preauth-pkinit-1.19.2-150400.3.21.1.aarch64",
"product_id": "krb5-plugin-preauth-pkinit-1.19.2-150400.3.21.1.aarch64"
}
},
{
"category": "product_version",
"name": "krb5-plugin-preauth-spake-1.19.2-150400.3.21.1.aarch64",
"product": {
"name": "krb5-plugin-preauth-spake-1.19.2-150400.3.21.1.aarch64",
"product_id": "krb5-plugin-preauth-spake-1.19.2-150400.3.21.1.aarch64"
}
},
{
"category": "product_version",
"name": "krb5-server-1.19.2-150400.3.21.1.aarch64",
"product": {
"name": "krb5-server-1.19.2-150400.3.21.1.aarch64",
"product_id": "krb5-server-1.19.2-150400.3.21.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-64bit-1.19.2-150400.3.21.1.aarch64_ilp32",
"product": {
"name": "krb5-64bit-1.19.2-150400.3.21.1.aarch64_ilp32",
"product_id": "krb5-64bit-1.19.2-150400.3.21.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "krb5-devel-64bit-1.19.2-150400.3.21.1.aarch64_ilp32",
"product": {
"name": "krb5-devel-64bit-1.19.2-150400.3.21.1.aarch64_ilp32",
"product_id": "krb5-devel-64bit-1.19.2-150400.3.21.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-1.19.2-150400.3.21.1.i586",
"product": {
"name": "krb5-1.19.2-150400.3.21.1.i586",
"product_id": "krb5-1.19.2-150400.3.21.1.i586"
}
},
{
"category": "product_version",
"name": "krb5-client-1.19.2-150400.3.21.1.i586",
"product": {
"name": "krb5-client-1.19.2-150400.3.21.1.i586",
"product_id": "krb5-client-1.19.2-150400.3.21.1.i586"
}
},
{
"category": "product_version",
"name": "krb5-devel-1.19.2-150400.3.21.1.i586",
"product": {
"name": "krb5-devel-1.19.2-150400.3.21.1.i586",
"product_id": "krb5-devel-1.19.2-150400.3.21.1.i586"
}
},
{
"category": "product_version",
"name": "krb5-mini-1.19.2-150400.3.21.1.i586",
"product": {
"name": "krb5-mini-1.19.2-150400.3.21.1.i586",
"product_id": "krb5-mini-1.19.2-150400.3.21.1.i586"
}
},
{
"category": "product_version",
"name": "krb5-mini-devel-1.19.2-150400.3.21.1.i586",
"product": {
"name": "krb5-mini-devel-1.19.2-150400.3.21.1.i586",
"product_id": "krb5-mini-devel-1.19.2-150400.3.21.1.i586"
}
},
{
"category": "product_version",
"name": "krb5-plugin-kdb-ldap-1.19.2-150400.3.21.1.i586",
"product": {
"name": "krb5-plugin-kdb-ldap-1.19.2-150400.3.21.1.i586",
"product_id": "krb5-plugin-kdb-ldap-1.19.2-150400.3.21.1.i586"
}
},
{
"category": "product_version",
"name": "krb5-plugin-preauth-otp-1.19.2-150400.3.21.1.i586",
"product": {
"name": "krb5-plugin-preauth-otp-1.19.2-150400.3.21.1.i586",
"product_id": "krb5-plugin-preauth-otp-1.19.2-150400.3.21.1.i586"
}
},
{
"category": "product_version",
"name": "krb5-plugin-preauth-pkinit-1.19.2-150400.3.21.1.i586",
"product": {
"name": "krb5-plugin-preauth-pkinit-1.19.2-150400.3.21.1.i586",
"product_id": "krb5-plugin-preauth-pkinit-1.19.2-150400.3.21.1.i586"
}
},
{
"category": "product_version",
"name": "krb5-plugin-preauth-spake-1.19.2-150400.3.21.1.i586",
"product": {
"name": "krb5-plugin-preauth-spake-1.19.2-150400.3.21.1.i586",
"product_id": "krb5-plugin-preauth-spake-1.19.2-150400.3.21.1.i586"
}
},
{
"category": "product_version",
"name": "krb5-server-1.19.2-150400.3.21.1.i586",
"product": {
"name": "krb5-server-1.19.2-150400.3.21.1.i586",
"product_id": "krb5-server-1.19.2-150400.3.21.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-1.19.2-150400.3.21.1.ppc64le",
"product": {
"name": "krb5-1.19.2-150400.3.21.1.ppc64le",
"product_id": "krb5-1.19.2-150400.3.21.1.ppc64le"
}
},
{
"category": "product_version",
"name": "krb5-client-1.19.2-150400.3.21.1.ppc64le",
"product": {
"name": "krb5-client-1.19.2-150400.3.21.1.ppc64le",
"product_id": "krb5-client-1.19.2-150400.3.21.1.ppc64le"
}
},
{
"category": "product_version",
"name": "krb5-devel-1.19.2-150400.3.21.1.ppc64le",
"product": {
"name": "krb5-devel-1.19.2-150400.3.21.1.ppc64le",
"product_id": "krb5-devel-1.19.2-150400.3.21.1.ppc64le"
}
},
{
"category": "product_version",
"name": "krb5-mini-1.19.2-150400.3.21.1.ppc64le",
"product": {
"name": "krb5-mini-1.19.2-150400.3.21.1.ppc64le",
"product_id": "krb5-mini-1.19.2-150400.3.21.1.ppc64le"
}
},
{
"category": "product_version",
"name": "krb5-mini-devel-1.19.2-150400.3.21.1.ppc64le",
"product": {
"name": "krb5-mini-devel-1.19.2-150400.3.21.1.ppc64le",
"product_id": "krb5-mini-devel-1.19.2-150400.3.21.1.ppc64le"
}
},
{
"category": "product_version",
"name": "krb5-plugin-kdb-ldap-1.19.2-150400.3.21.1.ppc64le",
"product": {
"name": "krb5-plugin-kdb-ldap-1.19.2-150400.3.21.1.ppc64le",
"product_id": "krb5-plugin-kdb-ldap-1.19.2-150400.3.21.1.ppc64le"
}
},
{
"category": "product_version",
"name": "krb5-plugin-preauth-otp-1.19.2-150400.3.21.1.ppc64le",
"product": {
"name": "krb5-plugin-preauth-otp-1.19.2-150400.3.21.1.ppc64le",
"product_id": "krb5-plugin-preauth-otp-1.19.2-150400.3.21.1.ppc64le"
}
},
{
"category": "product_version",
"name": "krb5-plugin-preauth-pkinit-1.19.2-150400.3.21.1.ppc64le",
"product": {
"name": "krb5-plugin-preauth-pkinit-1.19.2-150400.3.21.1.ppc64le",
"product_id": "krb5-plugin-preauth-pkinit-1.19.2-150400.3.21.1.ppc64le"
}
},
{
"category": "product_version",
"name": "krb5-plugin-preauth-spake-1.19.2-150400.3.21.1.ppc64le",
"product": {
"name": "krb5-plugin-preauth-spake-1.19.2-150400.3.21.1.ppc64le",
"product_id": "krb5-plugin-preauth-spake-1.19.2-150400.3.21.1.ppc64le"
}
},
{
"category": "product_version",
"name": "krb5-server-1.19.2-150400.3.21.1.ppc64le",
"product": {
"name": "krb5-server-1.19.2-150400.3.21.1.ppc64le",
"product_id": "krb5-server-1.19.2-150400.3.21.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-1.19.2-150400.3.21.1.s390x",
"product": {
"name": "krb5-1.19.2-150400.3.21.1.s390x",
"product_id": "krb5-1.19.2-150400.3.21.1.s390x"
}
},
{
"category": "product_version",
"name": "krb5-client-1.19.2-150400.3.21.1.s390x",
"product": {
"name": "krb5-client-1.19.2-150400.3.21.1.s390x",
"product_id": "krb5-client-1.19.2-150400.3.21.1.s390x"
}
},
{
"category": "product_version",
"name": "krb5-devel-1.19.2-150400.3.21.1.s390x",
"product": {
"name": "krb5-devel-1.19.2-150400.3.21.1.s390x",
"product_id": "krb5-devel-1.19.2-150400.3.21.1.s390x"
}
},
{
"category": "product_version",
"name": "krb5-mini-1.19.2-150400.3.21.1.s390x",
"product": {
"name": "krb5-mini-1.19.2-150400.3.21.1.s390x",
"product_id": "krb5-mini-1.19.2-150400.3.21.1.s390x"
}
},
{
"category": "product_version",
"name": "krb5-mini-devel-1.19.2-150400.3.21.1.s390x",
"product": {
"name": "krb5-mini-devel-1.19.2-150400.3.21.1.s390x",
"product_id": "krb5-mini-devel-1.19.2-150400.3.21.1.s390x"
}
},
{
"category": "product_version",
"name": "krb5-plugin-kdb-ldap-1.19.2-150400.3.21.1.s390x",
"product": {
"name": "krb5-plugin-kdb-ldap-1.19.2-150400.3.21.1.s390x",
"product_id": "krb5-plugin-kdb-ldap-1.19.2-150400.3.21.1.s390x"
}
},
{
"category": "product_version",
"name": "krb5-plugin-preauth-otp-1.19.2-150400.3.21.1.s390x",
"product": {
"name": "krb5-plugin-preauth-otp-1.19.2-150400.3.21.1.s390x",
"product_id": "krb5-plugin-preauth-otp-1.19.2-150400.3.21.1.s390x"
}
},
{
"category": "product_version",
"name": "krb5-plugin-preauth-pkinit-1.19.2-150400.3.21.1.s390x",
"product": {
"name": "krb5-plugin-preauth-pkinit-1.19.2-150400.3.21.1.s390x",
"product_id": "krb5-plugin-preauth-pkinit-1.19.2-150400.3.21.1.s390x"
}
},
{
"category": "product_version",
"name": "krb5-plugin-preauth-spake-1.19.2-150400.3.21.1.s390x",
"product": {
"name": "krb5-plugin-preauth-spake-1.19.2-150400.3.21.1.s390x",
"product_id": "krb5-plugin-preauth-spake-1.19.2-150400.3.21.1.s390x"
}
},
{
"category": "product_version",
"name": "krb5-server-1.19.2-150400.3.21.1.s390x",
"product": {
"name": "krb5-server-1.19.2-150400.3.21.1.s390x",
"product_id": "krb5-server-1.19.2-150400.3.21.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-1.19.2-150400.3.21.1.x86_64",
"product": {
"name": "krb5-1.19.2-150400.3.21.1.x86_64",
"product_id": "krb5-1.19.2-150400.3.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "krb5-32bit-1.19.2-150400.3.21.1.x86_64",
"product": {
"name": "krb5-32bit-1.19.2-150400.3.21.1.x86_64",
"product_id": "krb5-32bit-1.19.2-150400.3.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "krb5-client-1.19.2-150400.3.21.1.x86_64",
"product": {
"name": "krb5-client-1.19.2-150400.3.21.1.x86_64",
"product_id": "krb5-client-1.19.2-150400.3.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "krb5-devel-1.19.2-150400.3.21.1.x86_64",
"product": {
"name": "krb5-devel-1.19.2-150400.3.21.1.x86_64",
"product_id": "krb5-devel-1.19.2-150400.3.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "krb5-devel-32bit-1.19.2-150400.3.21.1.x86_64",
"product": {
"name": "krb5-devel-32bit-1.19.2-150400.3.21.1.x86_64",
"product_id": "krb5-devel-32bit-1.19.2-150400.3.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "krb5-mini-1.19.2-150400.3.21.1.x86_64",
"product": {
"name": "krb5-mini-1.19.2-150400.3.21.1.x86_64",
"product_id": "krb5-mini-1.19.2-150400.3.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "krb5-mini-devel-1.19.2-150400.3.21.1.x86_64",
"product": {
"name": "krb5-mini-devel-1.19.2-150400.3.21.1.x86_64",
"product_id": "krb5-mini-devel-1.19.2-150400.3.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "krb5-plugin-kdb-ldap-1.19.2-150400.3.21.1.x86_64",
"product": {
"name": "krb5-plugin-kdb-ldap-1.19.2-150400.3.21.1.x86_64",
"product_id": "krb5-plugin-kdb-ldap-1.19.2-150400.3.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "krb5-plugin-preauth-otp-1.19.2-150400.3.21.1.x86_64",
"product": {
"name": "krb5-plugin-preauth-otp-1.19.2-150400.3.21.1.x86_64",
"product_id": "krb5-plugin-preauth-otp-1.19.2-150400.3.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "krb5-plugin-preauth-pkinit-1.19.2-150400.3.21.1.x86_64",
"product": {
"name": "krb5-plugin-preauth-pkinit-1.19.2-150400.3.21.1.x86_64",
"product_id": "krb5-plugin-preauth-pkinit-1.19.2-150400.3.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "krb5-plugin-preauth-spake-1.19.2-150400.3.21.1.x86_64",
"product": {
"name": "krb5-plugin-preauth-spake-1.19.2-150400.3.21.1.x86_64",
"product_id": "krb5-plugin-preauth-spake-1.19.2-150400.3.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "krb5-server-1.19.2-150400.3.21.1.x86_64",
"product": {
"name": "krb5-server-1.19.2-150400.3.21.1.x86_64",
"product_id": "krb5-server-1.19.2-150400.3.21.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-1.19.2-150400.3.21.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.21.1.aarch64"
},
"product_reference": "krb5-1.19.2-150400.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-1.19.2-150400.3.21.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.21.1.s390x"
},
"product_reference": "krb5-1.19.2-150400.3.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-1.19.2-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.21.1.x86_64"
},
"product_reference": "krb5-1.19.2-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-1.19.2-150400.3.21.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.21.1.aarch64"
},
"product_reference": "krb5-1.19.2-150400.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-1.19.2-150400.3.21.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.21.1.s390x"
},
"product_reference": "krb5-1.19.2-150400.3.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-1.19.2-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.21.1.x86_64"
},
"product_reference": "krb5-1.19.2-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-40355",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-40355"
}
],
"notes": [
{
"category": "general",
"text": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-40355",
"url": "https://www.suse.com/security/cve/CVE-2026-40355"
},
{
"category": "external",
"summary": "SUSE Bug 1263366 for CVE-2026-40355",
"url": "https://bugzilla.suse.com/1263366"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-18T12:52:16Z",
"details": "moderate"
}
],
"title": "CVE-2026-40355"
},
{
"cve": "CVE-2026-40356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-40356"
}
],
"notes": [
{
"category": "general",
"text": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-40356",
"url": "https://www.suse.com/security/cve/CVE-2026-40356"
},
{
"category": "external",
"summary": "SUSE Bug 1263367 for CVE-2026-40356",
"url": "https://bugzilla.suse.com/1263367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-18T12:52:16Z",
"details": "moderate"
}
],
"title": "CVE-2026-40356"
}
]
}
WID-SEC-W-2026-1290
Vulnerability from csaf_certbund - Published: 2026-04-27 22:00 - Updated: 2026-06-16 22:00Summary
MIT Kerberos: Mehrere Schwachstellen ermöglichen Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Kerberos ist ein verteilter Netzwerkdienst zur Authentifizierung. MIT Kerberos ist die freie Implementierung des "Kerberos network authentication protocol", des Massachusetts Institute of Technology (MIT).
Angriff: Ein Angreifer kann mehrere Schwachstellen in MIT Kerberos ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Update Infrastructure 5.1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1
|
Update Infrastructure 5.1 | |
|
Red Hat Enterprise Linux Cryostat <4.2.0
Red Hat / Enterprise Linux
|
Cryostat <4.2.0 | ||
|
IBM QRadar SIEM <7.5.0 UP15 IF04
IBM / QRadar SIEM
|
<7.5.0 UP15 IF04 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Update Infrastructure 5.1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1
|
Update Infrastructure 5.1 | |
|
Red Hat Enterprise Linux Cryostat <4.2.0
Red Hat / Enterprise Linux
|
Cryostat <4.2.0 | ||
|
IBM QRadar SIEM <7.5.0 UP15 IF04
IBM / QRadar SIEM
|
<7.5.0 UP15 IF04 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
References
29 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Kerberos ist ein verteilter Netzwerkdienst zur Authentifizierung. MIT Kerberos ist die freie Implementierung des \"Kerberos network authentication protocol\", des Massachusetts Institute of Technology (MIT).",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in MIT Kerberos ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1290 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1290.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1290 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1290"
},
{
"category": "external",
"summary": "Cem\u0027s Blog vom 2026-04-27 mit PoC",
"url": "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html"
},
{
"category": "external",
"summary": "OSS Security Mailing List vom 2026-04-27",
"url": "https://seclists.org/oss-sec/2026/q2/235"
},
{
"category": "external",
"summary": "krb5 Fix vom 2026-04-27",
"url": "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-2E9FE57A46 vom 2026-04-29",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-2e9fe57a46"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-8B43EA2F82 vom 2026-04-29",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-8b43ea2f82"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-6C99AAA6D3 vom 2026-04-29",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-6c99aaa6d3"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-684396998A vom 2026-04-29",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-684396998a"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:12220 vom 2026-04-30",
"url": "https://access.redhat.com/errata/RHSA-2026:12220"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:10729-1 vom 2026-05-11",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CGQDIGY7A2NYHA7RFMRH6ORESGTIUR7C/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:16799 vom 2026-05-13",
"url": "https://access.redhat.com/errata/RHSA-2026:16799"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:16799 vom 2026-05-14",
"url": "https://errata.build.resf.org/RLSA-2026:16799"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-16799 vom 2026-05-15",
"url": "http://linux.oracle.com/errata/ELSA-2026-16799.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1816-1 vom 2026-05-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026022.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21629-1 vom 2026-05-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026063.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21618-1 vom 2026-05-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026073.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21641-1 vom 2026-05-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026051.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19357 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19357"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19145 vom 2026-05-19",
"url": "https://access.redhat.com/errata/RHSA-2026:19145"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6293 vom 2026-05-23",
"url": "https://security-tracker.debian.org/tracker/DSA-6293-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:17789 vom 2026-05-26",
"url": "https://access.redhat.com/errata/RHSA-2026:17789"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:21275 vom 2026-05-27",
"url": "https://access.redhat.com/errata/RHSA-2026:21275"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4603 vom 2026-05-28",
"url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00047.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22634 vom 2026-06-02",
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:24685 vom 2026-06-09",
"url": "https://access.redhat.com/errata/RHSA-2026:24685"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:24683 vom 2026-06-09",
"url": "https://access.redhat.com/errata/RHSA-2026:24683"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:24686 vom 2026-06-09",
"url": "https://access.redhat.com/errata/RHSA-2026:24686"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7276589 vom 2026-06-16",
"url": "https://www.ibm.com/support/pages/node/7276589"
}
],
"source_lang": "en-US",
"title": "MIT Kerberos: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2026-06-16T22:00:00.000+00:00",
"generator": {
"date": "2026-06-17T09:01:00.063+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1290",
"initial_release_date": "2026-04-27T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-04-27T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-04-29T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2026-05-03T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-11T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2026-05-12T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-14T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Rocky Enterprise Software Foundation, Oracle Linux und SUSE aufgenommen"
},
{
"date": "2026-05-17T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-05-19T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-25T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Debian und Red Hat aufgenommen"
},
{
"date": "2026-05-27T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-28T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2026-06-02T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-08T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-16T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "14"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "T054613",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP15 IF04",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP15 IF04",
"product_id": "T055485"
}
},
{
"category": "product_version",
"name": "7.5.0 UP15 IF04",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP15 IF04",
"product_id": "T055485-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up15_if04"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=1.18",
"product": {
"name": "MIT Kerberos \u003e=1.18",
"product_id": "T053362"
}
},
{
"category": "product_version_range",
"name": "\u003e=1.18",
"product": {
"name": "MIT Kerberos \u003e=1.18",
"product_id": "T053362-fixed"
}
}
],
"category": "product_name",
"name": "Kerberos"
}
],
"category": "vendor",
"name": "MIT"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version_range",
"name": "Cryostat \u003c4.2.0",
"product": {
"name": "Red Hat Enterprise Linux Cryostat \u003c4.2.0",
"product_id": "T054651"
}
},
{
"category": "product_version",
"name": "Cryostat 4.2.0",
"product": {
"name": "Red Hat Enterprise Linux Cryostat 4.2.0",
"product_id": "T054651-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:cryostat__4.2.0"
}
}
},
{
"category": "product_version",
"name": "Update Infrastructure 5.1",
"product": {
"name": "Red Hat Enterprise Linux Update Infrastructure 5.1",
"product_id": "T054761",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-40355",
"product_status": {
"known_affected": [
"T054761",
"T054651",
"T055485",
"T002207",
"67646",
"T027843",
"T054613",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-04-27T22:00:00.000+00:00",
"title": "CVE-2026-40355"
},
{
"cve": "CVE-2026-40356",
"product_status": {
"known_affected": [
"T054761",
"T054651",
"T055485",
"T002207",
"67646",
"T027843",
"T054613",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-04-27T22:00:00.000+00:00",
"title": "CVE-2026-40356"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…