Merged
1 change: 1 addition & 0 deletions docs/OSGSecurityAnnouncements.md
@@ -1,5 +1,6 @@
| Date | Title | Contents/Link | Risk |
|-------------|-------------------------------------------------------|---------------------|---------------|
| 2026-02-10 | CRITICAL risk MUNGE buffer overflow vulnerability (CVE-2026-25506) | [OSG-SEC-2026-02-10](./vulns/OSG-SEC-2026-02-10.md) | |
| 2026-01-27 | CRITICAL ROOT Framework Remote Code Execution Vulnerability (CVE-2026-24811, CVE-2026-24812) | [OSG-SEC-2026-01-27](./vulns/OSG-SEC-2026-01-27.md) | |
| 2025-12-04 | CRITICAL React Server Components Vulnerability (CVE-2025-55182) | [OSG-SEC-2025-12-04](./vulns/OSG-SEC-2025-12-04.md) | |
| 2025-09-11 | linux-kernel: CRITICAL risk vulnerability allowing local privilege escalation,CVE-2025-38352 | [OSG-SEC-2025-09-11](./vulns/OSG-SEC-2025-09-11.md) | |
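Review bot: The new 2026-02-10 row leaves the Risk column empty and carries the severity inside the Title text instead ("CRITICAL risk MUNGE ..."). The neighbouring rows do the same, so the column is unused throughout this part of the table; either put CRITICAL in the Risk cell for this row or drop the column in a follow-up. The title wording also differs from the rows below it ("CRITICAL risk ..." here, "CRITICAL ROOT Framework ..." on the next row), so pick one form.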
25 changes: 25 additions & 0 deletions docs/vulns/OSG-SEC-2026-02-10.md
@@ -0,0 +1,25 @@
# OSG-SEC-2026-02-10 CRITICAL risk MUNGE buffer overflow vulnerability (CVE-2026-25506)

Dear OSG Security Contacts,

MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, a local attacker cou>

## IMPACTED VERSIONS:
>= 0.5, <= 0.5.17

## WHAT ARE THE VULNERABILITIES:
An attacker who obtains this leaked key material could forge arbitrary MUNGE credentials to impersonate any user (includi>

## MITIGATION
As a precautionary measure, regenerate MUNGE keys on all systems after patching. Note that key regeneration requires stop>

## WHAT YOU SHOULD DO:
Site admins should upgrade to 0.5.18 or apply vendor-supported updates that include fixes for CVE-2026-25506.

## REFERENCES
[1] https://nvd.nist.gov/vuln/detail/CVE-2026-25506
[2] https://github.com/dun/munge/security/advisories/GHSA-r9cr-jf4v-75gh

Please contact the OSG security team at security@osg-htc.org if you have any questions or concerns.

OSG Security Team
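Review bot: Three body lines of the new advisory are cut off and end in a literal ">": the description ("a local attacker cou>"), the vulnerabilities paragraph ("(includi>") and the mitigation paragraph ("requires stop>"). This looks like text copied from a terminal view that truncates long lines. As committed, the advisory never states what the overflow is or how key material leaks, and the key-regeneration instruction is incomplete, so please restore the full sentences from the original announcement before publishing. Separately, the line ">= 0.5, <= 0.5.17" under IMPACTED VERSIONS begins with ">", which Markdown treats as a blockquote marker, so the first comparison operator will not render; wrap the range in backticks or write "0.5 through 0.5.17". The two REFERENCES entries are on consecutive lines with no list markup and will render as a single paragraph.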
1 change: 1 addition & 0 deletions mkdocs.yml
Expand Up @@ -12,6 +12,7 @@ nav:
- Overview: 'OSGSecurityAnnouncements.md'
- Overview x86 vulnerabilities: 'OSGSecurityAnnouncements-x86.md'
- Announcement Details:
- OSG-SEC-2026-02-10 CRITICAL risk MUNGE buffer overflow vulnerability (CVE-2026-25506): './vulns/OSG-SEC-2026-02-10.md'
- OSG-SEC-2026-01-27 CRITICAL ROOT Framework Remote Code Execution Vulnerability (CVE-2026-24811, CVE-2026-24812): './vulns/OSG-SEC-2026-01-27.md'
- OSG-SEC-2025-12-04 CRITICAL React Server Components Vulnerability (CVE-2025-55182): './vulns/OSG-SEC-2025-12-04.md'
- OSG-SEC-2025-09-11 linux-kernel- CRITICAL risk vulnerability allowing local privilege escalation,CVE-2025-38352: './vulns/OSG-SEC-2025-09-11.md'