VYPR
High severity7.3NVD Advisory· Published Apr 22, 2026· Updated May 1, 2026

CVE-2026-40542

CVE-2026-40542

Description

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.httpcomponents.client5:httpclient5Maven
>= 5.6-alpha1, < 5.6.15.6.1

Affected products

58

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.