← back
CVE-2026-12610

Sssd: use-after-free crash in sssd' 'sssd_pam' process

CVSS 6.4 MEDIUMEPSS 0.2%CWE-825
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.4EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
30 Jun 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw by manipulating smartcard or YubiKey contents, leading to a denial of service that disrupts authentication. This vulnerability also presents a potential for privilege escalation, although it is difficult to exploit.
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H