CVE-2026-57914 · CVSS 6.5 · EXPLOITED · PATCHED
apache · kerby

Apache Kerby: StackOverflow on parsing deeply nested ASN1 structures

Description

By sending a deeply nested ASN1 structure to an Apache Kerby client or service, it is possible to trigger a StackOverflow exception, which can lead to denial of service. Users are recommended to upgrade to version 2.1.2, which fixes this issue.

Affected Products

Vendor | Product | Versions
apache | kerby | 0

References

  • https://lists.apache.org/thread/w98h2q8wz0bq97vhz4vf55hqomcb2j1m (vendor-advisory)

Related News (2 articles)

  • Tier C · oss-security · 1d ago
    CVE-2026-57914: Apache Kerby: StackOverflow on parsing deeply nested ASN1 structures
    → No new info (linked only)
  • Tier C · VulDB · 1d ago
    CVE-2026-57914 | Apache Kerby up to 2.1.1 ASN1 Structure Parser resource consumption
    → No new info (linked only)

CVSS 3.1: 6.5 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA KEV: ❌ No
Actively exploited: ✅ Yes
Patch available: 2.1.2
CWE: CWE-400
Published: Jun 26, 2026
Last enriched: 1d ago (v3)
Trending Score: 45
Source articles: 2
Independent: 2
Info Completeness: 10/14
Missing: epss, kev, iocs, mitre_attack

Related CVEs (5)

  • HIGH · CVE-2026-49486 · EXP · Trending: 59
    Apache Airflow FTP provider: FTP Provider does not protect FTPS data channel (missing PROT_P)
  • HIGH · CVE-2026-43870 · Trending: 43
    Apache Thrift: Node.js web_server.js multi-vulnerability
  • HIGH · CVE-2026-57915 · Trending: 42
    Apache Kerby: Kerberos Pre-Authentication Bypass
  • HIGH · CVE-2026-42403 · EXP · Trending: 41
    Apache Neethi: Circular Policy Reference Infinite Loop
  • HIGH · CVE-2026-42402 · EXP · Trending: 41
    Apache Neethi: Policy Normalization Unbounded Resource Allocation DoS

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

  • CVE Published · Jun 26, 2026
  • Discovered by ZDM · Jun 26, 2026
  • Updated: description, severity, affectedVersions, activelyExploited · Jun 26, 2026
  • Updated: affectedVersions, exploitAvailable · Jun 26, 2026
  • Actively Exploited · Jun 26, 2026
  • Exploit Available · Jun 26, 2026
  • Patch Available · Jun 26, 2026

Version History

v3 · Tier C · 1d ago

Updated severity to MEDIUM, added affected versions before 2.1.2, marked exploit as available.

affectedVersions, exploitAvailable
via oss-security

v2 · Tier C · 1d ago

Updated description with new details, changed severity to HIGH, added affected version 2.1.1, and noted that no exploit is available.

description, severity, affectedVersions, activelyExploited
via VulDB

v1 · 1d ago

Initial creation