7.3
CVE-2026-57915
- EPSS 0.32%
- Veröffentlicht 26.06.2026 12:09:54
- Zuletzt bearbeitet 30.06.2026 03:21:05
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache Kerby: Kerberos Pre-Authentication Bypass
It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerRed Hat
≫
Produkt
Red Hat AMQ Clients
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat JBoss Enterprise Application Platform Expansion Pack
Default Statusaffected
HerstellerRed Hat
≫
Produkt
streams for Apache Kafka 2
Default Statusaffected
HerstellerRed Hat
≫
Produkt
streams for Apache Kafka 3
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Data Grid 8
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat Fuse 7
Default Statusunaffected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.238 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
CWE-304 Missing Critical Step in Authentication
The product implements an authentication technique, but it skips a step that weakens the technique.
CWE-358 Improperly Implemented Security Check for Standard
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
https://lists.apache.org/thread/1y3glgh3kzwoxo5m2lq504cjlh1dsrfh
http://www.openwall.com/lists/oss-security/2026/06/26/8
https://access.redhat.com/security/cve/CVE-2026-57915
https://bugzilla.redhat.com/show_bug.cgi?id=2493407
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-57915.json