CVE-2026-40542

Apache HttpClient 5.6 is affected by a missing step in SCRAM-SHA-256 mutual authentication, allowing a client to accept authentication without proper mutual verification. The issue impacts the 5.6 release and is fixed by upgrading to version 5.6.1. Affected component: Apache HttpClient (Java), v5...