CVE-2026-43515
In Apache Tomcat, when multiple security constraints defined an HTTP method constraint for the same extension pattern, only the first method constraint was applied. A remote attacker could exploit this to bypass intended security restrictions for information or actions within the application...