Auth bypass in Apache Software Foundation Tomcat
CVE-2026-55956
An Improper Authorization vulnerability in Apache Tomcat causes security constraints specified for the default servlet to ignore any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0…
Affected products
- Apache Software Foundation Tomcat — versions 11.0.0-M1, 10.1.0-M1, 9.0.0.M1
Weakness classification (CWE)
References
- security@apache.org (vendor-advisory)
- af854a3a-2127-422b-91ae-364da2661108