Severity: important 

Affected versions:

- Apache Kerby (org.apache.kerby:kerb-server) before 2.1.2

Description:

It is possible to bypass the Kerberos pre-authentication check in Apache Kerby 
by sending a PA-DATA with an unrecognized or unsupported type. Users are 
recommended to upgrade to version 2.1.2, which fixes this issue.

References:

https://directory.apache.org/
https://www.cve.org/CVERecord?id=CVE-2026-57915
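
A way to check a build for the affected artifact, added here as an example and not part of the Apache advisory: it scans `mvn dependency:tree` output for org.apache.kerby:kerb-server and flags versions before 2.1.2. The sample tree and the function names are constructed, and treating a qualified 2.1.2 build (such as 2.1.2-SNAPSHOT) as affected is a conservative assumption.

```python
import re

FIXED = (2, 1, 2)  # first fixed release, per the advisory
# Maven prints coordinates as group:artifact:type[:classifier]:version[:scope]
TOKEN = re.compile(r"(?<![\w.])org\.apache\.kerby:kerb-server:\S+")

def is_affected(version):
    """True if the version string is before 2.1.2 (or cannot be parsed)."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)$", version)
    if not m:
        return True  # unparseable version: flag for manual review
    nums = tuple(int(n) for n in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))  # pad "2.1" to (2, 1, 0)
    if nums < FIXED:
        return True
    # Assumption: a qualifier on 2.1.2 itself (SNAPSHOT, RC) may predate the fix.
    return nums == FIXED and bool(m.group(2))

def find_kerb_server(tree_text):
    """Return [(version, affected)] for each kerb-server entry in the tree."""
    findings = []
    for line in tree_text.splitlines():
        m = TOKEN.search(line)
        if not m:
            continue
        parts = m.group(0).split(":")
        if len(parts) < 4:
            continue
        # The project root line has no scope field; dependency lines end with one.
        version = parts[3] if len(parts) == 4 else parts[-2]
        findings.append((version, is_affected(version)))
    return findings

# Constructed sample of `mvn dependency:tree` output, not from a real project.
SAMPLE_TREE = r"""
[INFO] com.example:kdc-app:jar:1.0.0
[INFO] +- org.apache.kerby:kerb-server:jar:2.1.1:compile
[INFO] |  \- org.apache.kerby:kerb-common:jar:2.1.1:compile
[INFO] \- org.apache.kerby:kerb-server:jar:2.1.2:test
"""

if __name__ == "__main__":
    for version, affected in find_kerb_server(SAMPLE_TREE):
        status = "AFFECTED, upgrade to 2.1.2" if affected else "ok"
        print(f"kerb-server {version}: {status}")
```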
