Bypass Vulnerability in Apache Kerby Affecting Kerberos Authentication
CVE-2026-57915
Currently unrated
What is CVE-2026-57915?
A bypass vulnerability in Apache Kerby allows attackers to circumvent the Kerberos pre-authentication check by sending a PA-DATA request with an unsupported type. This could lead to unauthorized access or authentication flaws for users of the affected software. Users are strongly recommended to upgrade to version 2.1.2 or later, which resolves the issue.
Affected Version(s)
Apache Kerby: versions from 0 up to, but not including, 2.1.2