PT-2026-40072 · Apache · Apache Tomcat

Published 2026-05-12 · Updated 2026-06-01 · CVE-2026-43513

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache Tomcat versions 11.0.0-M1 through 11.0.21
Apache Tomcat versions 10.1.0-M1 through 10.1.54
Apache Tomcat versions 9.0.0.M1 through 9.0.117
Apache Tomcat versions 8.5.0 through 8.5.100
Apache Tomcat versions 7.0.0 through 7.0.109

Description

Improper handling of case sensitivity in the LockOutRealm component.

Recommendations

Upgrade versions 11.0.0-M1 through 11.0.21 to 11.0.22.
Upgrade versions 10.1.0-M1 through 10.1.54 to 10.1.55.
Upgrade versions 9.0.0.M1 through 9.0.117 to 9.0.118.

Related Identifiers

BIT-TOMCAT-2026-43513
CVE-2026-43513
GHSA-5MP6-JRQ3-R938
OESA-2026-2296
OPENSUSE-SU-2026:10925-1
OPENSUSE-SU-2026:10926-1
OPENSUSE-SU-2026:10927-1

Affected Products

Apache Tomcat