CVE-2026-25506

NameCVE-2026-25506
DescriptionMUNGE is an authentication service for creating and validating user cr ...
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-4477-1, DSA-6129-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
munge (PTS)bullseye0.5.14-4vulnerable
bullseye (security)0.5.14-4+deb11u1fixed
bookworm0.5.15-2vulnerable
bookworm (security)0.5.15-2+deb12u1fixed
trixie (security)0.5.16-1.1~deb13u1fixed
forky, trixie0.5.16-1vulnerable
sid0.5.16-1.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mungesourcebullseye0.5.14-4+deb11u1DLA-4477-1
mungesourcebookworm0.5.15-2+deb12u1DSA-6129-1
mungesourcetrixie0.5.16-1.1~deb13u1DSA-6129-1
mungesource(unstable)0.5.16-1.1

Notes

https://github.com/dun/munge/security/advisories/GHSA-r9cr-jf4v-75gh
Fixed by: https://github.com/dun/munge/commit/bf40cc27c4ce8451d4b062c9de0b67ec40894812 (munge-0.5.18)
Search for package or bug name: Reporting problems