Apache Tomcat Native

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-29145 CRITICAL PATCH GHSA Act Now

Authentication bypass in Apache Tomcat 9.x through 11.x and Tomcat Native 1.1.23-2.0.13 allows unauthenticated remote attackers to bypass CLIENT_CERT authentication when soft-fail is disabled, achieving unauthorized access to confidentiality- and integrity-sensitive resources. Exploitation requires no user interaction or privileges (CVSS:3.1 PR:N/UI:N). The flaw affects CLIENT_CERT authentication logic, permitting access under conditions where authentication should fail. No public exploit identified at time of analysis; low observed exploitation activity (EPSS 0.04%).

Apache Tomcat Authentication Bypass Apache Tomcat Apache Tomcat Native
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-29145
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Authentication bypass in Apache Tomcat 9.x through 11.x and Tomcat Native 1.1.23-2.0.13 allows unauthenticated remote attackers to bypass CLIENT_CERT authentication when soft-fail is disabled, achieving unauthorized access to confidentiality- and integrity-sensitive resources. Exploitation requires no user interaction or privileges (CVSS:3.1 PR:N/UI:N). The flaw affects CLIENT_CERT authentication logic, permitting access under conditions where authentication should fail. No public exploit identified at time of analysis; low observed exploitation activity (EPSS 0.04%).

Apache Tomcat Authentication Bypass +2
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy