2 matches found
CVE-2026-55276
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...
Fixed in Apache Tomcat 11.0.23
Moderate: Security constraints for default servlet ignored method CVE-2026-55956 If security constraints were specified for the default servlet, any method or method omission configured as part of the constraint was ignored. This was fixed with commit 3f6bd2ba. This issue was reported to the Tomc...