PT-2026-40071 · Apache · Apache Tomcat

Published 2026-05-12 · Updated 2026-06-01 · CVE-2026-43512

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apache Tomcat versions 11.0.0-M1 through 11.0.21
Apache Tomcat versions 10.1.0-M1 through 10.1.54
Apache Tomcat versions 9.0.0.M1 through 9.0.117
Apache Tomcat versions 8.5.0 through 8.5.100
Apache Tomcat versions prior to 7.0.0

Description

An authentication bypass issue exists in the digest authentication mechanism. There have been reports of increased actor activity targeting this flaw.

Recommendations

Upgrade versions 11.0.0-M1 through 11.0.21 to 11.0.22.
Upgrade versions 10.1.0-M1 through 10.1.54 to 10.1.55.
Upgrade versions 9.0.0.M1 through 9.0.117 to 9.0.118.

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

BIT-TOMCAT-2026-43512
CVE-2026-43512
GHSA-H6FC-48RJ-7QQH
OESA-2026-2296
OPENSUSE-SU-2026:10925-1
OPENSUSE-SU-2026:10926-1
OPENSUSE-SU-2026:10927-1

Affected Products

Apache Tomcat