Known Vulnerabilities for Apache Tomcat by Apache Software Foundation
Listed below are 10 of the newest known vulnerabilities associated with "Apache Tomcat" by "Apache Software Foundation".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-55957 json | Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate bind... | Not Provided | 2026-06-29 | 2026-06-30 |
| CVE-2026-55956 json | Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignorin... | Not Provided | 2026-06-29 | 2026-06-30 |
| CVE-2026-55955 json | Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the clust... | Not Provided | 2026-06-29 | 2026-06-30 |
| CVE-2026-55276 json | Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation ... | Not Provided | 2026-06-29 | 2026-06-30 |
| CVE-2026-53434 json | Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. ... | Not Provided | 2026-06-29 | 2026-06-30 |
| CVE-2026-53404 json | Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition... | Not Provided | 2026-06-29 | 2026-06-30 |
| CVE-2026-50229 json | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in the number guess example for A... | Not Provided | 2026-06-29 | 2026-06-30 |
| CVE-2026-43515 json | Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache ... | Not Provided | 2026-05-12 | 2026-05-14 |
| CVE-2026-43514 json | Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: f... | Not Provided | 2026-05-12 | 2026-05-13 |
| CVE-2026-43513 json | Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from... | Not Provided | 2026-05-12 | 2026-05-14 |