PT-2026-40071 · Apache+4 · Apache Tomcat+4

Published

2026-05-12

·

Updated

2026-06-29

·

CVE-2026-43512

CVSS v2.0

10

Critical

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.21 Apache Tomcat versions 10.1.0-M1 through 10.1.54 Apache Tomcat versions 9.0.0.M1 through 9.0.117 Apache Tomcat versions 8.5.0 through 8.5.100 Apache Tomcat versions prior to 7.0.0
Description An authentication bypass issue exists in the digest authentication mechanism. There have been reports of increased actor activities targeting this flaw.
Recommendations Upgrade versions 11.0.0-M1 through 11.0.21 to 11.0.22. Upgrade versions 10.1.0-M1 through 10.1.54 to 10.1.55. Upgrade versions 9.0.0.M1 through 9.0.117 to 9.0.118.

Exploit

Fix

DoS

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-08081
BIT-TOMCAT-2026-43512
CVE-2026-43512
GHSA-H6FC-48RJ-7QQH
OESA-2026-2296
OPENSUSE-SU-2026:10925-1
OPENSUSE-SU-2026:10926-1
OPENSUSE-SU-2026:10927-1
OPENSUSE-SU-2026:21117-1
OPENSUSE-SU-2026:21121-1
OPENSUSE-SU-2026:21122-1
RHSA-2026:13745
RHSA-2026:16528
SUSE-SU-2026:22195-1
SUSE-SU-2026:22196-1
SUSE-SU-2026:22197-1
SUSE-SU-2026:2299-1
SUSE-SU-2026:2374-1
SUSE-SU-2026:2377-1
SUSE-SU-2026:2675-1
USN-8383-1
USN-8417-1

Affected Products

Apache Tomcat
Confluence
Linuxmint
Red Os
Ubuntu