CVE-2026-43515

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.21 Apache Tomcat versions 10.1.0-M1 through 10.1.54 Apache Tomcat versions 9.0.0.M1 through 9.0.117 Apache Tomcat versions 8.5.0 through 8.5.100 Apache Tomcat versions 7.0.0 through 7.0.109

Description Improper Authorization occurs when multiple method constraints define an HTTP method for the same extension.

Recommendations Upgrade versions 11.0.0-M1 through 11.0.21 to 11.0.22. Upgrade versions 10.1.0-M1 through 10.1.54 to 10.1.55. Upgrade versions 9.0.0.M1 through 9.0.117 to 9.0.118.

Fix

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285

Related Identifiers

BIT-TOMCAT-2026-43515

CVE-2026-43515

GHSA-5M62-PW8W-7W9F

OESA-2026-2296

OPENSUSE-SU-2026:10925-1

OPENSUSE-SU-2026:10926-1

OPENSUSE-SU-2026:10927-1

Affected Products

Apache Tomcat

CVE-2026-43515

Weakness Enumeration

Related Identifiers

Affected Products

References · 36