CVE-2026-43513
Essential information
- Published
- 12/05/2026 16:16
- Modified
- 12/05/2026 18:17
- Author
- —
- Creator
- —
- CISA KEV
- No
- CWE
- —
- CVSS vector
- — — —
Description
Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109.
Older unsupported versions may also be affected.
Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.
NVD status
- Status
- Undergoing Analysis — CVE is currently being analyzed by NVD staff, this process results in association of reference link tags, CVSS scores, CWE association, and CPE applicability statements.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| apache / tomcat | cpe:2.3:a:apache:tomcat:11.0.0-M1:11.0.21:*:*:*:*:*:* |
| apache / tomcat | cpe:2.3:a:apache:tomcat:10.1.0-M1:10.1.54:*:*:*:*:*:* |
| apache / tomcat | cpe:2.3:a:apache:tomcat:9.0.0.M1:9.0.117:*:*:*:*:*:* |
| apache / tomcat | cpe:2.3:a:apache:tomcat:8.5.0:8.5.100:*:*:*:*:*:* |
| apache / tomcat | cpe:2.3:a:apache:tomcat:7.0.0:7.0.109:*:*:*:*:*:* |
| apache / tomcat | cpe:2.3:a:apache:tomcat:11.0.22:*:*:*:*:*:* |
| apache / tomcat | cpe:2.3:a:apache:tomcat:10.1.55:*:*:*:*:*:* |
| apache / tomcat | cpe:2.3:a:apache:tomcat:9.0.118:*:*:*:*:*:* |