CVE-2026-43512 · CRITICAL 9.8 · EPSS p42.1%

Description

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118, which fix the issue.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.56% probability of exploitation · percentile 42.1% · 2026-06-19T12:03:05Z
Published: 2026-05-12
Last modified: 2026-05-15

Underlying weaknesses · 1

CWE-592

References

  1. https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73
  2. http://www.openwall.com/lists/oss-security/2026/05/12/8

Type | Target | Confidence | Tier
Weakness | DEPRECATED: Authentication Bypass Issues (cwe-592) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-43515
  2. CVE-2026-29145
  3. CVE-2026-41293
  4. CVE-2025-31651
  5. CVE-2025-66614
  6. CVE-2025-55754

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.