CVE-2026-40542

ADVISORY - github

Summary

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue.

EPSS Score⁠: 0.00101 (0.273)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-304⁠

Missing Critical Step in Authentication

ADVISORY - github

CWE-304⁠

Missing Critical Step in Authentication

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.