Description

REJECTED: CVE-2026-5358 is rejected for two reasons. Firstly it has been discovered that no NIS+ client or server was ever released for any Linux-based OS distributions and as such this makes the API provisional and unused. Secondly it has been discovered that the NIS+ cold start cache (/var/nis/NIS_COLD_START) cannot be bypassed and as such the API can only be called with a trusted server from the pre-populated cache. The use of a trusted server means no trust boundary is crossed and this is therefore considered a normal bug.

INFO

Published Date :

2026-04-20T20:37:23.178Z

Last Modified :

2026-04-22T13:04:20.656Z

Source :

glibc
AFFECTED PRODUCTS

The following products are affected by CVE-2026-5358 vulnerability.

Vendors Products
The Gnu C Library
  • Glibc
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-5358.

URL Resource
https://nvd.nist.gov/vuln/detail/CVE-2026-5358 cve-icon
https://sourceware.org/bugzilla/show_bug.cgi?id=34067 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-5358 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact