Question 1

What is CVE-2026-56968 — CVE-2026-56968?

Accepted Answer

GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server.

Question 2

What is the authoritative source for CVE-2026-56968?

Accepted Answer

CVE-2026-56968 (CVE-2026-56968) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVSS	3.7 ()
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Last modified	2026-06-23

CVE-2026-56968CVE-2026-56968

Description

Scoring