CVE Vulnerabilities

CVE-2026-43512

DEPRECATED: Authentication Bypass Issues

Published: May 12, 2026 | Modified: May 15, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
6.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported versions any also be affect

Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.

Weakness

This weakness has been deprecated because it covered redundant concepts already described in CWE-287.

Affected Software

NameVendorStart VersionEnd Version
TomcatApache7.0.0 (including)7.0.109 (including)
TomcatApache8.5.0 (including)8.5.100 (including)
TomcatApache9.0.0 (including)9.0.118 (excluding)
TomcatApache10.1.0 (including)10.1.55 (excluding)
TomcatApache11.0.0 (including)11.0.22 (excluding)
Red Hat Hardened ImagesRedHattomcat11-main-11.0.22-0.1.hum1*
Red Hat Hardened ImagesRedHattomcat10-main-10.1.55-1.hum1*
Red Hat OpenShift Dev Spaces 3.28RedHatdevspaces/server-rhel9:1780694994*
Tomcat10Ubuntuesm-apps/noble*
Tomcat10Ubuntuesm-apps/resolute*
Tomcat10Ubuntunoble*
Tomcat10Ubuntuquesting*
Tomcat10Ubunturesolute*
Tomcat10Ubuntuupstream*
Tomcat11Ubuntuesm-apps/resolute*
Tomcat11Ubuntuquesting*
Tomcat11Ubunturesolute*
Tomcat11Ubuntuupstream*
Tomcat6Ubuntuesm-infra-legacy/trusty*
Tomcat6Ubuntuupstream*
Tomcat7Ubuntuesm-apps-legacy/xenial*
Tomcat7Ubuntuesm-infra-legacy/trusty*
Tomcat7Ubuntuupstream*
Tomcat8Ubuntuesm-apps/bionic*
Tomcat8Ubuntuesm-infra-legacy/xenial*
Tomcat8Ubuntuupstream*
Tomcat9Ubuntuesm-apps/bionic*
Tomcat9Ubuntuesm-apps/focal*
Tomcat9Ubuntuesm-apps/jammy*
Tomcat9Ubuntuesm-apps/noble*
Tomcat9Ubuntuesm-apps/resolute*
Tomcat9Ubuntujammy*
Tomcat9Ubuntunoble*
Tomcat9Ubuntuquesting*
Tomcat9Ubunturesolute*
Tomcat9Ubuntuupstream*

References