// #ldap

1 article

🌐 Network

GNU SASL CVE-2026-48829: DIGEST-MD5 Parser Crash Affects Enterprise Mail Servers and LDAP Stacks

A NULL pointer dereference in GNU SASL's DIGEST-MD5 authentication mechanism (CVE-2026-48829, CVSS 7.5) allows a remote attacker to crash any service using GNU SASL for DIGEST-MD5 authentication by sending a malformed authentication token. Debian and other distribution security advisories were published on 24 May. Affected services include Postfix, Cyrus IMAP, and LDAP servers using SASL for authentication.

#gnu-sasl +8