CVE-2026-14612
Last modified
CVE-2026-14612 is a medium-severity vulnerability rated 4.2/10 on the CVSS scale. Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may be able to trigger ipa-otpd to write or read one byte past the end of a fixed-size buffer. EPSS estimates a 0.14% chance of exploitation in the next 30 days.
Description
Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may be able to trigger ipa-otpd to write or read one byte past the end of a fixed-size buffer. Exploitation requires FreeIPA to be configured with an external IdP, attacker control or MITM of that IdP, and a user to initiate the OAuth2 device authorization flow. The most likely impact is limited denial of service affecting the ipa-otpd daemon.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | All versions |
| Red Hat | Red Hat Enterprise Linux 6 | All versions |
| Red Hat | Red Hat Enterprise Linux 7 | All versions |
| Red Hat | Red Hat Enterprise Linux 8 | All versions |
| Red Hat | Red Hat Enterprise Linux 9 | All versions |
References
Timeline
- Published
- Last Modified
- Status
- Awaiting Analysis
Frequently Asked Questions
What is CVE-2026-14612?
How severe is CVE-2026-14612?
How do I fix CVE-2026-14612?
Related CVEs from 2026
- CVE-2026-14607A weakness has been identified in RT-Thread up to 5.0.2. Thi…5.5
- CVE-2026-14608A security vulnerability has been detected in SourceCodester…4.3
- CVE-2026-14609A vulnerability was detected in SourceCodester CET Automated…5.6
- CVE-2026-1461The Simple Membership plugin for WordPress is vulnerable to …6.5
- CVE-2026-14610A flaw has been found in Open Asset Import Library Assimp up…5.3
- CVE-2026-14611A vulnerability has been found in DeepMyst Mysti up to 0.4.0…5.3
- CVE-2026-14613A vulnerability was discovered in Keycloak's administrative …4.3
- CVE-2026-14614A flaw was found in the ClientResource component of Keycloak…5.4
- CVE-2026-14615A flaw was found in the Fine-Grained Admin Permissions (FGAP…4.3
- CVE-2026-14617A security vulnerability has been detected in NousResearch h…3.1
- CVE-2026-14618A vulnerability was detected in Open5GS up to 2.7.7. Affecte…4.3
- CVE-2026-14619A flaw has been found in itsourcecode Hospital Management Sy…6.3
Are you affected by CVE-2026-14612?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
