CVE-2026-56968
âšī¸ lowSummary
GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server.
CVSS Score
3.7
Low
EPSS Score
0.2
Exploit Probability
Published Date
2026-06-23
First Seen: 2026-06-25
đ Relative Risk Intelligence
This CVE is Lower Risk - more severe than 4.0% of all 335,187 vulnerabilities in our database.
#321,940
Below average severity
Severity Percentile
đ¯ CISA SSVC Assessment Updated: Jun 23, 2026
đ Exploitation Status
None
No known exploits
âī¸ Automatable
NO
Requires human interaction
đĨ Technical Impact
Partial
Limited system impact
SSVC data provided by
CISA
Last Modified
2026-06-29
Source
NVD đ
CVSS Vector 3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N