9.1

CVE-2026-43515

EPSS 0.07%
Veröffentlicht 12.05.2026 15:33:23
Zuletzt bearbeitet 15.05.2026 15:52:05
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

Apache Tomcat: Security constraints not correctly applied

Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109.

Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 5 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Tomcat Version >= 7.0.0 <= 7.0.109

Apache ≫ Tomcat Version >= 8.5.0 <= 8.5.100

Apache ≫ Tomcat Version >= 9.0.0 < 9.0.118

Apache ≫ Tomcat Version >= 10.1.0 < 10.1.55

Apache ≫ Tomcat Version >= 11.0.0 < 11.0.22

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.22

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://lists.apache.org/thread/746nxfxod0wsocxtmv8pb8nkgmwpc6bb

Vendor Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2026/05/12/11

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2026-43515

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-43515

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-43515

EUVD