PYSEC-2026-636

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/freeipa/PYSEC-2026-636.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-636
Aliases
Published
2026-07-02T14:13:14.030552Z
Modified
2026-07-06T08:11:04.645383601Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
Code injection in FreeIPA
Details

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to be executed on the server hosting the IPA server.

References

Affected packages

PyPI / freeipa

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.6.2
Fixed
4.6.7
Introduced
4.7.0
Fixed
4.7.4
Introduced
4.8.0
Fixed
4.8.3

Affected versions

4.*
4.6.2
4.6.3
4.6.4
4.6.5
4.7.0
4.7.1
4.7.2
4.8.0
4.8.1
4.8.2

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/freeipa/PYSEC-2026-636.yaml"