Is CVE-2026-12610 being exploited?

No public exploit is currently tracked.

How severe is CVE-2026-12610?

CVE-2026-12610 has a CVSS v3 severity of MEDIUM (6.4).

Back

CVE-2026-12610

Description

A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw by manipulating smartcard or YubiKey contents, leading to a denial of service that disrupts authentication. This vulnerability also presents a potential for privilege escalation, although it is difficult to exploit.