CVE-2026-40356 is an integer underflow vulnerability in MIT Kerberos 5, specifically in the gss_accept_sec_context() function when a NegoEx mechanism is registered in /etc/gss/mech. An unauthenticated remote attacker can exploit this, potentially causing the process to terminate. Organizations should review their Kerberos configurations and apply patches to prevent potential process termination via unauth [truncated]
CVE-2026-40355 is a NULL pointer dereference vulnerability in MIT Kerberos 5, specifically in the gss_accept_sec_context() function. An unauthenticated remote attacker can trigger this vulnerability, causing the process to terminate. The vulnerability exists when a NegoEx mechanism is registered in /etc/gss/mech. This issue affects users of MIT Kerberos 5, particularly those with applications using the gs [truncated]