#VU122809 Out-of-bounds write in MUNGE - CVE-2026-25506

 


Published: February 13, 2026


Vulnerability identifier: #VU122809
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-25506
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: MUNGE
Software vendor: Dun

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a boundary error. A local user can trigger an out-of-bounds write in the authentication daemon and force it to leak cryptographic key material from process memory. The extracted key material can be used to forge arbitrary MUNGE credentials and impersonate any user (including root) to services that rely on MUNGE for authentication.


Remediation

Install updates from the vendor's website.

External links