Apache Tomcat May Vulnerabilities Security Update Advisory

May 19 2026

Overview

A security update has been released that addresses a vulnerability in Apache Tomcat (a server that runs web applications). users of the affected products should update to the latest version.

Affected Products

Apache Tomcat 9.0.2 through 9.0.117.
Apache Tomcat 9.0.0.M1 – 9.0.117.
Apache Tomcat 11.0.0-M1 – 11.0.21.
Apache Tomcat 10.1.0-M1 – 10.1.54.

Resolved Vulnerabilities

A vulnerability in Apache Tomcat that could allow access by a non-existent user (CVE-2026-43512).
Vulnerability in Apache Tomcat where anomalous requests are not properly filtered (CVE-2026-41293).
A vulnerability in Apache Tomcat where access restrictions are not properly enforced (CVE-2026-43515).
Vulnerability in Apache Tomcat where user verification is not properly performed (CVE-2026-42498).
A vulnerability in Apache Tomcat that could allow secret values to be disclosed (CVE-2026-43514).
A vulnerability in Apache Tomcat that could allow account blocking to be bypassed (CVE-2026-43513).
A vulnerability in Apache Tomcat that could cause a service to crash due to excessive requests (CVE-2026-41284).

Patch Information

you should follow the security advisory published on May 12, 2026 and update to the latest version. the latest versions are Apache Tomcat 9.0.118, Apache Tomcat 11.0.22, and Apache Tomcat 10.1.55.

Apache Tomcat May Vulnerabilities Security Update Advisory

Overview

Affected Products

Resolved Vulnerabilities

Patch Information

Exim Product Security Update Advisory (CVE-2026-45185)

Linux Kernel Security Update Advisory (CVE-2026-31635)

Overview

Affected Products

Resolved Vulnerabilities

Patch Information

Tags:

Exim Product Security Update Advisory (CVE-2026-45185)

Linux Kernel Security Update Advisory (CVE-2026-31635)