oss-sec mailing list archives

CVE-2026-57915: Apache Kerby: Kerberos Pre-Authentication Bypass


From: Colm O hEigeartaigh <coheigea () apache org>
Date: Fri, 26 Jun 2026 10:46:49 +0000

Severity: important 

Affected versions:

- Apache Kerby (org.apache.kerby:kerb-server) before 2.1.2

Description:

It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an 
unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue.

References:

https://directory.apache.org/
https://www.cve.org/CVERecord?id=CVE-2026-57915
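
To check whether a Maven build resolves an affected version, the following added example (not part of the original advisory or of Apache Kerby) scans `mvn dependency:list` output for org.apache.kerby:kerb-server before 2.1.2. The sample listing is constructed, and the function names are this example's own.

```python
import re

TARGET = "org.apache.kerby:kerb-server"   # artifact named in the advisory
FIXED = (2, 1, 2)                         # first fixed release per the advisory

# Constructed sample of `mvn dependency:list` output, not from a real project.
SAMPLE = """\
[INFO] The following files have been resolved:
[INFO]    org.apache.kerby:kerb-server:jar:2.0.3:compile
[INFO]    org.apache.kerby:kerb-core:jar:2.0.3:compile
[INFO]    org.slf4j:slf4j-api:jar:1.7.36:compile
"""

VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(.*)$")
COORD_RE = re.compile(r"[\w.\-]+(?::[\w.\-]+){3,5}")


def is_affected(version):
    """True if a kerb-server version is before 2.1.2 (or cannot be judged)."""
    m = VERSION_RE.match(version)
    if not m:
        return True  # unparseable version: flag for manual review
    nums = tuple(int(g or 0) for g in m.groups()[:3])
    if nums != FIXED:
        return nums < FIXED
    # Conservative choice: a qualified 2.1.2 build (-SNAPSHOT, -RC1, ...) is
    # flagged, because a pre-release build may predate the fix.
    return bool(m.group(4))


def find_affected(listing):
    """Return the affected kerb-server versions found in a dependency listing."""
    hits = []
    for line in listing.splitlines():
        m = COORD_RE.search(line)
        if not m:
            continue
        fields = m.group(0).split(":")
        if ":".join(fields[:2]) != TARGET:
            continue
        # group:artifact:type[:classifier]:version:scope, or no scope at all
        version = fields[-2] if len(fields) >= 5 else fields[-1]
        if is_affected(version):
            hits.append(version)
    return hits


if __name__ == "__main__":
    for v in find_affected(SAMPLE):
        print(f"{TARGET} {v} is before 2.1.2: upgrade")
```

Run it against the full resolved dependency list so that transitive uses of kerb-server are covered as well as direct ones.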

