Zero Day Monitor (ZDM)
CVE-2026-57915 · PATCHED · CVSS 7.3
apache · kerby

Apache Kerby: Kerberos Pre-Authentication Bypass

Description

It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue.

Affected Products

Vendor | Product | Versions
apache | kerby | 0

References

  • https://lists.apache.org/thread/1y3glgh3kzwoxo5m2lq504cjlh1dsrfh (vendor-advisory)

Related News (2 articles)

Tier C · oss-security · 1d ago
CVE-2026-57915: Apache Kerby: Kerberos Pre-Authentication Bypass
→ No new info (linked only)

Tier C · VulDB · 1d ago
CVE-2026-57915 | Apache Kerby up to 2.1.1 Kerberos improper authentication
→ No new info (linked only)

CVSS 3.1: 7.3 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA KEV: ❌ No
Actively exploited: ❌ No
Patch available: 2.1.2
CWE: CWE-304
Published: Jun 26, 2026
Last enriched: 1d ago (v2)
Trending Score: 42
Source articles: 2
Independent: 2
Info Completeness: 8/14
Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

  • HIGH · CVE-2026-49486 · EXP · Apache Airflow FTP provider: FTP Provider does not protect FTPS data channel (missing PROT_P) · Trending: 59
  • MEDIUM · CVE-2026-57914 · EXP · Apache Kerby: StackOverflow on parsing deeply nested ASN1 structures · Trending: 45
  • HIGH · CVE-2026-43870 · Apache Thrift: Node.js web_server.js multi-vulnerability · Trending: 43
  • HIGH · CVE-2026-42403 · EXP · Apache Neethi: Circular Policy Reference Infinite Loop · Trending: 41
  • HIGH · CVE-2026-42402 · EXP · Apache Neethi: Policy Normalization Unbounded Resource Allocation DoS · Trending: 41

Verification

State: verified
Confidence: 0%

Vulnerability Timeline

CVE Published: Jun 26, 2026
Discovered by ZDM: Jun 26, 2026
Updated (affectedVersions): Jun 26, 2026
Patch Available: Jun 26, 2026

Version History

Last enriched 1d ago (v2)

v2 · Tier C · 1d ago

Updated severity to CRITICAL, added affected version 2.1.1, and marked the vulnerability as actively exploited.

affectedVersions (via VulDB)

v1 · 1d ago

Initial creation