CVE-2026-43512 – Apache Tomcat
“Critical web server weaknesses can turn authentication and access controls into points of failure.”
Apache patched multiple Critical vulnerabilities in Apache Tomcat. CVE-2026-41293 has a CVSS score of 9.8, which is Critical severity. CVE-2026-43512 has a CVSS score of 9.8, which is Critical severity. CVE-2026-43515 has a CVSS score of 9.1, which is Critical severity.
The update addresses improper input validation, digest authentication bypass, and improper authorization when multiple method constraints define an HTTP method for the same extension. Successful exploitation could allow attackers to bypass authentication or authorization controls and gain access beyond intended restrictions. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.
Key Details
- Affected Product
- Apache Tomcat
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-592