CVE-2026-56968

LOW 3.7

CVSS Score

3.7

EPSS Score

0.0%

EPSS Percentile

0th

GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server.

CWE	CWE-839
Vendor	gnu
Product	gnu sasl
Published	Jun 23, 2026
Last Updated	Jun 23, 2026

Stay Ahead of the Next One

Get instant alerts for gnu gnu sasl

Be the first to know when new low vulnerabilities affecting gnu gnu sasl are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Affected Versions

GNU / GNU SASL

0 < 2.2.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

lists.gnu.org: https://lists.gnu.org/archive/html/help-gsasl/2026-06/msg00000.html lists.debian.org: https://lists.debian.org/debian-security-announce/2026/msg00259.html ftp.gnu.org: https://ftp.gnu.org/gnu/gsasl/ gnu.org: https://www.gnu.org/software/gsasl/