CVE-2026-6245 Sssd: out-of-bounds read in the sssd

🗓️ 15 Apr 2026 18:35:19Reported by redhatType

SSSD PAM passkey responder may cause out-of-bounds read and local DoS with crafted authentication.

Reporter	Title	Published	Views	Family All 22
ATTACKERKB	CVE-2026-6245	15 Apr 202618:35	–	attackerkb
Tenable Nessus	CentOS 9 : sssd-2.9.9-1.el9	13 May 202600:00	–	nessus
Tenable Nessus	Ubuntu 24.04 LTS / 25.10 / 26.04 LTS : SSSD vulnerability (USN-8355-1)	11 Jun 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-6245	15 Apr 202600:00	–	nessus
CNNVD	Red Hat System Security Services Daemon 安全漏洞	15 Apr 202600:00	–	cnnvd
CVE	CVE-2026-6245	15 Apr 202618:35	–	cve
Debian CVE	CVE-2026-6245	15 Apr 202618:35	–	debiancve
EUVD	EUVD-2026-23032	15 Apr 202621:30	–	euvd
NVD	CVE-2026-6245	15 Apr 202619:16	–	nvd
OSV	DEBIAN-CVE-2026-6245	15 Apr 202619:16	–	osv

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "sssd",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "sssd",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "sssd",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "sssd",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "sssd",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhcos",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ]
  }
]

Source	Link
access	www.access.redhat.com/security/cve/CVE-2026-6245
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

15 Apr 2026 18:35Current

CVSS 3.15.5

EPSS0.00141

CWE-805