CVE-2026-9742
7.5 HIGH
When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" ...
Published: 2026-06-09 · Last updated: 2026-06-09
Severity and scoring
- CVSS: 7.5 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CWE: CWE-1287
Description
When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to a server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product configurations.
Source: NVD
Related CVEs
Same CWE
- CVE-2026-9753 — The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to re... (8.1 HIGH)
- CVE-2026-11460 — A flaw has been found in Boost Serialization up to 1.91 (7.3 HIGH)
- CVE-2024-6858 — In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL c... (6.5 MEDIUM)
- CVE-2026-49941 — Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses (7.5 HIGH)
- CVE-2026-47675 — Hono is a Web application framework that provides support for any JavaScript runtime (4.3 MEDIUM)