CVE-2026-57915

medium Apache
EPSS Score
0.3%
Exploitation probability in 30 days
Top 83% most likely to be exploited
Published: June 26, 2026 (13 days ago)
Last Modified: June 30, 2026
Vendor: Apache
Source: MITRE

Description

It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue.

CWE

CWE-304

Affected Products

Apache Software Foundation Apache Kerby

References