Vulnerability Details CVE-2026-12610
A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw by manipulating smartcard or YubiKey contents, leading to a denial of service that disrupts authentication. This vulnerability also presents a potential for privilege escalation, although it is difficult to exploit.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 5.1%
CVSS Severity
CVSS v3 Score 6.4
Products affected by CVE-2026-12610
-
cpe:2.3:a:fedoraproject:sssd:-
-
cpe:2.3:o:redhat:enterprise_linux:10.0
-
cpe:2.3:o:redhat:enterprise_linux:9.0