// #denial-of-service
4 articles
GNU SASL CVE-2026-48829: DIGEST-MD5 Parser Crash Affects Enterprise Mail Servers and LDAP Stacks
A NULL pointer dereference in GNU SASL's DIGEST-MD5 authentication mechanism (CVE-2026-48829, CVSS 7.5) allows a remote attacker to crash any service using GNU SASL for DIGEST-MD5 authentication by sending a malformed authentication token. Debian and other distribution security advisories published 24 May. Services affected include Postfix, Cyrus IMAP, and LDAP servers using SASL for authentication.
Cisco CVE-2026-20188 — Unauthenticated DoS Permanently Crashes Crosswork Network Controller Until Manual Reboot
Cisco has disclosed a high-severity denial-of-service vulnerability in Crosswork Network Controller and NSO (Network Services Orchestrator) that allows an unauthenticated remote attacker to exhaust connection resources and permanently disable the device — requiring physical manual reboot to recover. CVE-2026-20188 affects the network automation and orchestration platforms used by major service providers and large enterprise networks for intent-based networking automation.
Apache Thrift 0.23.0 Patches Out-of-Bounds Read (CVE-2026-41604) and Node.js Uncontrolled Recursion DoS (CVE-2026-41636)
Apache Thrift 0.23.0 addresses two vulnerabilities: CVE-2026-41604, an out-of-bounds read in the binary protocol parser affecting all language bindings that can crash Thrift-based services and potentially leak memory contents; and CVE-2026-41636, an uncontrolled recursion flaw in the Node.js library that enables remote denial of service via deeply nested Thrift structures. Organisations operating Thrift-based microservices or inter-service RPC should upgrade to 0.23.0.
Linux Kernel Netfilter Vulnerability Batch: CVE-2026-31414 and Cluster Require Prompt Patching
A cluster of Linux kernel vulnerabilities in the netfilter subsystem — led by CVE-2026-31414 — has been patched across stable kernel branches, affecting versions 6.1 through 6.10. The flaws span NULL pointer dereferences and connection tracking weaknesses that can cause privilege escalation or denial of service. Enterprise Linux distributions are releasing updates; unmanaged servers and container hosts running custom kernel builds require manual attention.