CVE-2026-43512

CRITICAL

9.8CVSS v3

—CVSS v2

0.14% EPSS (exploit probability)

CWE-592CWE

Description

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0.
Older unsupported versions any also be affect

Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected routers (0)

No routers currently mapped to this CVE in our database.

External references

NIST NVD
MITRE CVE