Package impact

MAVEN / org.apache.tomcat:tomcat

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2026-43512	critical	9.8	9.8	15d ago	Apache Tomcat - Digest authenticator will authenticate any unknown user
CVE-2026-41293	critical	9.8	9.8	15d ago	Apache Tomcat - HTTP/2 request headers not validated
CVE-2025-55754	critical	9.6	9.6	9d ago	Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences	+1
CVE-2026-29145	critical	—	9.5	2mo ago	Apache Tomcat: CLIENT_CERT authentication does not fail as expected
CVE-2026-43515	critical	9.1	9.1	15d ago	Apache Tomcat - Security constraints not correctly applied