Main Vulnerability Database SB2026021333 SB2026021333 - Ubuntu update for munge Published: February 13, 2026 Security Bulletin ID SB2026021333 Severity Low Patch available YES Number of vulnerabilities 1 Exploitation vector Local access Highest impact Code execution Breakdown by Severity Low Medium High Critical Description This security bulletin contains information about 1 security vulnerability. 1) Out-of-bounds write (CVE-ID: CVE-2026-25506) The vulnerability allows a local user to gain access to sensitive information. The vulnerability exists due to a boundary error. A local user can trigger an out-of-bounds write in the authentication daemon and force it to leak cryptographic key material from the process memory. The extracted information can be used to forge arbitrary MUNGE credentials to impersonate any user (including root) to services that rely on MUNGE for authentication. Remediation Install update from vendor's website. References https://ubuntu.com/security/notices/USN-8040-1