CVE-2026-57915

Vulnerability Description

It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue.

Vulnerability Details

Published Date

June 26, 2026

Last Modified

June 26, 2026

CWE ID

CWE-304

Source

NVD

Vendor

Apache Software Foundation

Product

Apache Kerby

External References

https://lists.apache.org/thread/1y3glgh3kzwoxo5m2lq504cjlh1dsrfh

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment