Skip to main content
Threat Radar animated logo
DashboardThreatsMapFeedsPricingView Plans & Pricing
reconnecting
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…
EPSS 0.1%top 73%

MIT Kerberos: Mehrere Schwachstellen ermöglichen Denial of Service

0
Unknown
VulnerabilityCVE-2026-40355gcvecsafcve-2026-40355cve-2026-40356red-hat-product-securitybundesamt-f-r-sicherheit-in-de
Published: Mon Apr 27 2026 (04/27/2026, 22:00:00 UTC)
Source: GCVE Database
Vendor/Project: Bundesamt für Sicherheit in der Informationstechnik
Product: Debian

Description

Kerberos ist ein verteilter Netzwerkdienst zur Authentifizierung. MIT Kerberos ist die freie Implementierung des "Kerberos network authentication protocol", des Massachusetts Institute of Technology (MIT).

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 05/27/2026, 21:24:01 UTC

Technical Analysis

Red Hat Product Security issued an advisory for two denial of service vulnerabilities in MIT Kerberos 5 (krb5) affecting Red Hat Enterprise Linux 8. CVE-2026-40356 involves an integer underflow and out-of-bounds read, while CVE-2026-40355 involves a NULL pointer dereference in the NegoEx mechanism. Both vulnerabilities can cause denial of service conditions. The advisory references updated krb5 packages that fix these issues. No CVSS scores are provided in the advisory, but the severity is rated as Important by Red Hat.

Potential Impact

Successful exploitation of these vulnerabilities could cause denial of service by crashing the krb5 service, potentially disrupting authentication services relying on Kerberos. There is no indication of code execution or privilege escalation. No known exploits in the wild have been reported at this time.

Mitigation Recommendations

Red Hat has released updated krb5 packages for Red Hat Enterprise Linux 8 that address these vulnerabilities. Users should apply the security update as described in the Red Hat advisory RHSA-2026:16799 and the referenced article https://access.redhat.com/articles/11258. Patch status is confirmed as an official fix available from Red Hat. No additional mitigation steps are indicated by the vendor.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Gcve Source
db.gcve.eu
Csaf Category
csaf_security_advisory
Csaf Version
2.0
Publisher
Red Hat Product Security
Advisory Id
RHSA-2026:16799
Cve Count
2
Additional Cves
["CVE-2026-40356"]
Cvss Version
null

Threat ID: 6a175eeee29bf47b50edd24d

Added to database: 5/27/2026, 9:15:26 PM

Last enriched: 5/27/2026, 9:24:01 PM

Last updated: 5/29/2026, 11:35:45 AM

Views: 7

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

External Links

NVD DatabaseMITRE CVEWID-SEC-W-2026-1290 - CSAF VersionWID-SEC-2026-1290 - Portal VersionCem's Blog vom 2026-04-27 mit PoCOSS Security Mailing List vom 2026-04-27krb5 Fix vom 2026-04-27Fedora Security Advisory FEDORA-2026-2E9FE57A46 vom 2026-04-29Fedora Security Advisory FEDORA-2026-8B43EA2F82 vom 2026-04-29Fedora Security Advisory FEDORA-2026-6C99AAA6D3 vom 2026-04-29Fedora Security Advisory FEDORA-2026-684396998A vom 2026-04-29Red Hat Security Advisory RHSA-2026:12220 vom 2026-04-30openSUSE Security Update OPENSUSE-SU-2026:10729-1 vom 2026-05-11Red Hat Security Advisory RHSA-2026:16799 vom 2026-05-13Rocky Linux Security Advisory RLSA-2026:16799 vom 2026-05-14Oracle Linux Security Advisory ELSA-2026-16799 vom 2026-05-15SUSE Security Update SUSE-SU-2026:1816-1 vom 2026-05-13SUSE Security Update SUSE-SU-2026:21629-1 vom 2026-05-15SUSE Security Update SUSE-SU-2026:21618-1 vom 2026-05-15SUSE Security Update SUSE-SU-2026:21641-1 vom 2026-05-15Red Hat Security Advisory RHSA-2026:19357 vom 2026-05-20Red Hat Security Advisory RHSA-2026:19145 vom 2026-05-19Search on Google

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses