7.3

CVE-2026-57915

Apache Kerby: Kerberos Pre-Authentication Bypass

It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerRed Hat
Produkt Red Hat AMQ Clients
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform Expansion Pack
Default Statusaffected
HerstellerRed Hat
Produkt streams for Apache Kafka 2
Default Statusaffected
HerstellerRed Hat
Produkt streams for Apache Kafka 3
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Data Grid 8
Default Statusunaffected
HerstellerRed Hat
Produkt Red Hat Fuse 7
Default Statusunaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.32% 0.238
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.3 3.9 3.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.3 3.9 3.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE-304 Missing Critical Step in Authentication

The product implements an authentication technique, but it skips a step that weakens the technique.

CWE-358 Improperly Implemented Security Check for Standard

The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

https://lists.apache.org/thread/1y3glgh3kzwoxo5m2lq504cjlh1dsrfh
http://www.openwall.com/lists/oss-security/2026/06/26/8
https://access.redhat.com/security/cve/CVE-2026-57915
https://bugzilla.redhat.com/show_bug.cgi?id=2493407
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-57915.json