CVEFinder.io

CVE-2026-56968

â„šī¸ low
🔍 Scan for this CVE
Summary

GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server.

CVSS Score
3.7
Low
EPSS Score
0.2
Exploit Probability
Published Date
2026-06-23
First Seen: 2026-06-25
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 4.0% of all 335,187 vulnerabilities in our database.

#321,940
Below average severity
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: Jun 23, 2026
🔍 Exploitation Status
None
No known exploits
âš™ī¸ Automatable
NO
Requires human interaction
đŸ’Ĩ Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2026-06-29
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE IDs (Weakness Types)

đŸ“Ļ Affected Products 1

🔗 References 4

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-14355 đŸ”ļ medium 5.6 0.3 In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algo... 2026-07-03
CVE-2026-49975 âš ī¸ high 7.5 11.5 Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service vi... 2026-06-08
CVE-2026-46333 âš ī¸ high 7.1 1.4 In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The ... 2026-05-15
CVE-2026-31431 âš ī¸ high 7.8 96.3 In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-pla... 2026-04-22
CVE-2026-41082 âš ī¸ high 7.3 0.2 In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory. 2026-04-16
CVE-2026-4775 âš ī¸ high 7.8 0.6 A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the ... 2026-03-24
These CVEs affect the same products