DEPRECATED: Authentication Bypass Issues

CVE-2026-43512

High

9.8/10

Summary

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported versions any also be affect Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-592 - DEPRECATED: Authentication Bypass Issues

This weakness has been deprecated because it covered redundant concepts already described in CWE-287.

References

Advisory
Mail Thread
Advisory

Advisory Timeline

Published May 12, 2026

DEPRECATED: Authentication Bypass Issues

CVE-2026-43512

Summary

CWE-592 - DEPRECATED: Authentication Bypass Issues

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS