- 138/202
- Critical
Apache Tomcat has released a security update to address several vulnerabilities affecting Apache Tomcat.
The addressed vulnerabilities could allow the attacker to perform denial-of-service attacks, obtain sensitive information, bypass security restrictions, or gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Apache Tomcat Digest Authentication Bypass Vulnerability (CVE-2026- 43512):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Apache Tomcat HTTP/2 Request Header Validation Vulnerability (CVE-2026- 41293):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
Vulnerabilities
- CVE-2026-43512
- CVE-2026-43513
- CVE-2026-43514
- CVE-2026-43515
- CVE-2026-42498
- CVE-2026-41293
- CVE-2026-41284
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.