CVE-2026-40356

ADVISORY - nist

Summary

In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.
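The summary gives two preconditions a host must meet to be exposed: a krb5 build older than 1.22.3, and a NegoEx mechanism registered in /etc/gss/mech. The script below is an added triage example (not krb5 code and not from the advisory) that checks both. It assumes the documented krb5 mech-file layout of "name OID shared-library [...]" with '#' comments, that NegoEx is registered either under the Microsoft NegoEx OID 1.3.6.1.4.1.311.2.2.30 or under a mechanism name containing "negoex", and that `klist -V` reports the installed MIT version; the sample mech file embedded in it is constructed for offline use.

```python
"""Triage check for the krb5 NegoEx precondition described in the summary.

Added example, not part of the advisory or of krb5. Assumptions:
- /etc/gss/mech lines look like "<name> <oid> <shared-lib> [...]", with
  '#' starting a comment (documented krb5 mech file format).
- NegoEx is registered under OID 1.3.6.1.4.1.311.2.2.30 or under a name
  containing "negoex"; either is treated as a hit.
- 1.22.3 is the first fixed version, as the summary states.
"""
import re
import subprocess
from pathlib import Path

FIXED_VERSION = (1, 22, 3)
NEGOEX_OID = "1.3.6.1.4.1.311.2.2.30"  # assumption: the NegoEx mechanism OID

# Constructed sample of an /etc/gss/mech file (not from any real system).
SAMPLE_MECH = """\
# constructed sample mech file
negoex     1.3.6.1.4.1.311.2.2.30   /usr/lib64/gss/mech_negoex.so
othermech  1.2.3.4.5.6              /usr/lib64/gss/libother.so  # unrelated
"""


def parse_version(s: str) -> tuple:
    """Turn '1.21.2' or 'krb5-1.22.3-1.fc41' into a comparable tuple."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", s)
    if not m:
        raise ValueError(f"no version number in {s!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_vulnerable_version(s: str) -> bool:
    """True when the build predates the fixed release named in the summary."""
    return parse_version(s) < FIXED_VERSION


def negoex_mechs(mech_text: str) -> list:
    """Return (name, oid, lib) for every NegoEx entry in mech-file text."""
    hits = []
    for raw in mech_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            continue  # not a well-formed "name oid lib" entry
        name, oid, lib = fields[0], fields[1], fields[2]
        if oid == NEGOEX_OID or "negoex" in name.lower():
            hits.append((name, oid, lib))
    return hits


def assess(version: str, mech_text: str) -> dict:
    """Combine both preconditions into one verdict."""
    mechs = negoex_mechs(mech_text)
    vuln = is_vulnerable_version(version)
    return {
        "vulnerable_version": vuln,
        "negoex_registered": bool(mechs),
        "exposed": vuln and bool(mechs),
        "negoex_mechs": mechs,
    }


def installed_krb5_version() -> str:
    """Ask the local MIT klist for its version string ('Kerberos 5 version X')."""
    out = subprocess.run(["klist", "-V"], capture_output=True, text=True, check=False)
    return (out.stdout or out.stderr).strip()


if __name__ == "__main__":
    mech_path = Path("/etc/gss/mech")
    mech_text = mech_path.read_text() if mech_path.exists() else ""
    try:
        version = installed_krb5_version()
    except FileNotFoundError:
        version = "1.22.2"  # no klist on this host: fall back to a sample value
        print("klist not found; using sample version", version)
    verdict = assess(version, mech_text or SAMPLE_MECH)
    for k, v in verdict.items():
        print(f"{k}: {v}")
```

A host is only flagged as exposed when both conditions hold; a patched build with NegoEx still registered, or an old build with no NegoEx entry, is reported but not marked exposed, which matches the trigger condition the summary gives.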

EPSS Score: 0.00075 (percentile 0.224)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Integer Underflow (Wrap or Wraparound)

ADVISORY - redhat

Integer Underflow (Wrap or Wraparound)

