It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue.

Project Subscriptions

Vendors Products
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Sat, 27 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-358
References
Metrics threat_severity

None

threat_severity

Important


Fri, 26 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache kerby
Vendors & Products Apache
Apache kerby

Fri, 26 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 26 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
Description It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue.
Title Apache Kerby: Kerberos Pre-Authentication Bypass
Weaknesses CWE-304
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2026-07-15T00:42:06.617Z

Reserved: 2026-06-26T10:43:45.288Z

Link: CVE-2026-57915

cve-icon Vulnrichment

Updated: 2026-06-26T18:36:17.839Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-26T12:09:54Z

Links: CVE-2026-57915 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-27T02:15:10Z

Weaknesses