CVE-2026-12610

Publié : 30 juin 2026

Modifié : 30 juin 2026

Score CVSS

6.4

MEDIUM

Description détaillée

A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw by manipulating smartcard or YubiKey contents, leading to a denial of service that disrupts authentication. This vulnerability also presents a potential for privilege escalation, although it is difficult to exploit.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Références et Patchs

https://access.redhat.com/security/cve/CVE-2026-12610 https://bugzilla.redhat.com/show_bug.cgi?id=2490288 https://github.com/SSSD/sssd/issues/8796

Dernières Vulnérabilités

CVE-2026-8655

Multiple Memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if NetScaler ADC is configured as an LB of type Oracle OR NetScaler ADC is configured as a DNS Proxy OR NetScaler ADC is configured as a DNS recursive resolver deployment

VOIR DÉTAILS

CVE-2026-8452

Memory overflow vulnerability NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server

VOIR DÉTAILS

CVE-2026-8451

Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP

VOIR DÉTAILS