[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"public-cve-CVE-2026-11850":3,"news-by-cve-CVE-2026-11850-10":56},{"nvd_cvss_severity":4,"has_workaround":5,"reference_count":6,"has_nuclei_templates":5,"nvd_cvss_score":7,"in_kev":5,"nuclei_template_count":8,"attack_techniques":9,"remediation_summary":17,"id":18,"state":19,"date_published":20,"date_updated":21,"source_identifier":22,"assigner_short_name":23,"cvss_version":24,"affected_products_preview":25,"title":37,"assigner_org":23,"nvd_cvss_vector":38,"weaknesses":39,"sources":42,"cvss_vector":38,"cvss_severity":4,"has_solution":5,"exploit_count":8,"attack_tactics":45,"has_attack_graph":46,"has_exploit":5,"attack_technique_count":47,"description":48,"tags":49,"references_preview":50,"cvss_source":44,"affected_product_count":55,"has_ai_summary":5,"cvss_score":7,"kev_ransomware_use":5},"MEDIUM",false,2,5,0,[10],{"technique_name":11,"tactic":12,"tactic_name":13,"url":14,"confidence":15,"technique_id":16},"Exploit Public-Facing Application","initial-access","Initial Access","https://attack.mitre.org/techniques/T1190/","medium","T1190",{"has_workaround":5,"has_patch":5},"CVE-2026-11850","PUBLISHED","2026-06-11T09:49:07Z","2026-06-11T10:16:21Z","53f830b8-0a3f-465b-8143-3b8a9948e749","","3.1",[26,29,31,33,35],{"vendor":27,"product":28},"Red Hat","Red Hat Enterprise Linux 10",{"vendor":27,"product":30},"Red Hat Enterprise Linux 6",{"product":32,"vendor":27},"Red Hat Enterprise Linux 7",{"vendor":27,"product":34},"Red Hat Enterprise Linux 8",{"vendor":27,"product":36},"Red Hat Enterprise Linux 9","Krb5: krb5: integer underflow in berval2tl_data() leads to heap out-of-bounds read","CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H",[40],{"cwe_id":41,"name":23},"CWE-191",[43,44],"cvelist","nvd",[13],true,1,"An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. 
The function performs an unsigned subtraction (bv_len - 2) without a prior bounds check. When bv_len is 0 or 1, the subtraction wraps to a large value which is then truncated to uint16_t, yielding 0xFFFE (65534) or 0xFFFF (65535). The subsequent malloc of that truncated length succeeds, and memcpy then copies 65534 or 65535 bytes out of a source buffer that is only 0 or 1 bytes long, resulting in a heap out-of-bounds read of up to roughly 64 KiB past the buffer; this can crash the KDC or kadmind or expose adjacent heap memory, consistent with the CVSS impact of C:L/A:H.\nThe attack vector involves a malicious or compromised LDAP KDB backend returning a krbExtraData attribute with bv_len \u003C 2, triggering the underflow when the KDC or kadmind reads principal data. The attacker must therefore already control the directory backend the KDC trusts (reflected in the vector's PR:H/AC:H); unprivileged Kerberos clients cannot trigger it directly.",[],[51,53],{"url":52,"source":43},"https://access.redhat.com/security/cve/CVE-2026-11850",{"url":54,"source":43},"https://bugzilla.redhat.com/show_bug.cgi?id=2459970",7,{"cve_id":18,"items":57,"total":8},[]]