CVE-2026-25506

EUVD-2026-6734
MUNGE is an authentication service for creating and validating user credentials. In versions 0.5 through 0.5.17, a local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from process memory. With the leaked key material, the attacker could forge arbitrary MUNGE credentials to impersonate any user (including root) to services that rely on MUNGE for authentication. The overflow is triggered by sending a crafted message with an oversized address length field, which corrupts munged's internal state and enables extraction of the MAC subkey used for credential verification. This vulnerability is fixed in 0.5.18.
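| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|----------|------|------------|-------------|-----------------|----------------|--------|
| NIST | Primary | 7.7 HIGH | LOCAL | HIGH | LOW | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L |
| GitHub_M | CNA | 7.7 HIGH | LOCAL | HIGH | LOW | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L |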
Awaiting analysis
This vulnerability is currently awaiting analysis.
EPSS Score percentile: 4%
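Debian Releases

| Debian Product | Codename | Version | Status |
|----------------|----------|---------|--------|
| munge | bookworm | | vulnerable |
| munge | bookworm (security) | 0.5.15-2+deb12u1 | fixed |
| munge | bullseye | | vulnerable |
| munge | bullseye (security) | 0.5.14-4+deb11u1 | fixed |
| munge | forky | 0.5.16-1.1 | fixed |
| munge | sid | 0.5.16-1.1 | fixed |
| munge | trixie | | vulnerable |
| munge | trixie (security) | 0.5.16-1.1~deb13u1 | fixed |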