CVE-2026-5358

Rejected reason: REJECTED: CVE-2026-5358 is rejected for two reasons. Firstly it has been discovered that no NIS+ client or server was ever released for any Linux-based OS distributions and as such this makes the API provisional and unused. Secondly it has been discovered that the NIS+ cold start cache (/var/nis/NIS_COLD_START) cannot be bypassed and as such the API can only be called with a trusted server from the pre-populated cache. The use of a trusted server means no trust boundary is crossed and this is therefore considered a normal bug.

Published: 2026-04-20
Last update: 2026-04-22
Assigner: 3ff69d7a-14f2-4f67-a097-88dee7810d18
Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18

Conclusion & alert: This CVE is rejected; it is not tracked as an active vulnerability. Mandatory action: Do not treat as an active exposure for patching queues—follow the CVE record status and authoritative vendor or program statements only.

Exploit prediction scoring system (EPSS) score for CVE-2026-5358

EPSS is a daily estimate of the relative likelihood of exploitation; the percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-04-21 0.02%

Common vulnerability scoring system (CVSS) metrics for CVE-2026-5358

No CVSS data in dataset for this CVE.

Weakness enumeration for CVE-2026-5358

GitHub Security Advisory for CVE-2026-5358

GHSA-jj2g-xq7w-gf88 · Severity: critical — The obsolete nis_local_principal function in the GNU C Library version 2.43 and older may...

OS Trackers for CVE-2026-5358

| vendor | priority | summary | link |
|---|---|---|---|
| debian | not yet assigned | CVE-2026-5358 not yet assigned priority: Debian including 1 source packages (glibc), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): open 5. | https://security-tracker.debian.org/tracker/CVE-2026-5358 |
| suse | medium | | https://www.suse.com/security/cve/CVE-2026-5358/ |
| ubuntu | medium | CVE-2026-5358 medium priority: Ubuntu including 2 source packages (eglibc, glibc), 14 status rows across 9 suites (bionic, focal, jammy, noble, questing, resolute, trusty, upstream, xenial): not-affected 8, DNE 4, needs-triage 2. | https://ubuntu.com/security/CVE-2026-5358 |

Affected software / configurations for CVE-2026-5358

No affected products in dataset.

References for CVE-2026-5358

No references in dataset.