Vulnerability in Apache Software Foundation Tomcat
CVE-2026-55957
Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache…
Affected products
- Apache Software Foundation Tomcat — versions 11.0.0-M1, 10.1.0-M1, 9.0.0.M1
Weakness classification (CWE)
References
- security@apache.org (vendor-advisory)
- af854a3a-2127-422b-91ae-364da2661108