CVE-2026-57915

Summary

It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Kerby0 < 2.1.2affected

Weaknesses

  • CWE-304: CWE-304 Missing Critical Step in Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

Apache Kerby: org.apache.kerby/kerb-server: Apache Kerby: Kerberos pre-authentication bypass via unrecognized PA-DATA

Additional References

References