PatchSiren

MIT CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM MIT CVE published 2026-04-28

CVE-2026-40356

CVE-2026-40356 is an integer underflow vulnerability in MIT Kerberos 5, specifically in the gss_accept_sec_context() function when a NegoEx mechanism is registered in /etc/gss/mech. An unauthenticated remote attacker can exploit this, potentially causing the process to terminate. Organizations should review their Kerberos configurations and apply patches to prevent potential process termination via unauth [truncated]

MEDIUM MIT CVE published 2026-04-28

CVE-2026-40355

CVE-2026-40355 is a NULL pointer dereference vulnerability in MIT Kerberos 5, specifically in the gss_accept_sec_context() function. An unauthenticated remote attacker can trigger this vulnerability, causing the process to terminate. The vulnerability exists when a NegoEx mechanism is registered in /etc/gss/mech. This issue affects users of MIT Kerberos 5, particularly those with applications using the gs [truncated]