Critical severity9.8NVD Advisory· Published May 12, 2026· Updated May 15, 2026

CVE-2026-43512

Description

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported versions any also be affect

Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.

Affected products

Apache/Tomcatinferred
Range: >=8.5.0,<=11.0.21

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2026/05/12/8nvdMailing ListThird Party Advisory
lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73nvdMailing ListVendor Advisory

News mentions

⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
The Hacker News · May 11, 2026
Weaver E-cology critical bug exploited in attacks since March
BleepingComputer · May 4, 2026
Siemens SIMATIC
CISA Alerts

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000