PT-2026-52698 · Apache · Apache Derby

Published

2026-06-26

Updated

2026-06-26

CVE-2026-57915

CVSS v3.1

7.3

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-304

Related Identifiers

CVE-2026-57915

Affected Products

Apache Derby

PT-2026-52698 · Apache · Apache Derby

CVE-2026-57915

Weakness Enumeration

Related Identifiers

Affected Products

References · 2