Apache: >> Httpclient >> 5.6 Security Vulnerabilities
Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue.
CVSS Score
7.3
EPSS Score
0.001
Published
2026-04-22