CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-56968

GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 13.7%

CVSS Severity

CVSS v3 Score 3.7

References

https://ftp.gnu.org/gnu/gsasl/
https://lists.debian.org/debian-security-announce/2026/msg00259.html
https://lists.gnu.org/archive/html/help-gsasl/2026-06/msg00000.html
https://www.gnu.org/software/gsasl/

Products affected by CVE-2026-56968

Gnu » Sasl » Version: Any

cpe:2.3:a:gnu:sasl:*
Debian » Debian Linux » Version: 13.0

cpe:2.3:o:debian:debian_linux:13.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-56968

Products

Pricing

Contact Us