When sending invalid base64 SASL data, login process is... · CVE-2025-59028 · GitHub Advisory Database · GitHub

When sending invalid base64 SASL data, login process is...

Moderate severity Unreviewed Published Mar 27, 2026 to the GitHub Advisory Database • Updated Mar 27, 2026

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes (heavy perfomance penalty on large deployments). No publicly available exploits are known.

References

Published by the National Vulnerability Database

Mar 27, 2026

Published to the GitHub Advisory Database Mar 27, 2026

Last updated Mar 27, 2026

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L