Apache Kerby Kerberos Pre-Auth Bypass, Pre v2.1.2 (PA-DATA)
CVE-2026-57915 Published on June 26, 2026

Apache Kerby: Kerberos Pre-Authentication Bypass
It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-57915 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be low, with a small impact on confidentiality, integrity, and availability.

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

Weakness Type

Missing Critical Step in Authentication

The software implements an authentication technique, but it skips a step, and skipping that step weakens the technique. Authentication techniques should follow the algorithms that define them exactly; otherwise, authentication can be bypassed or more easily subjected to brute-force attacks.


Affected Versions

Apache Software Foundation Apache Kerby: