ID:12771 - Exploit for Improper Authentication in Apache Tomcat - CVE-2026-43512

 

Published: June 23, 2026


Vulnerability identifier: #VU131180
Vulnerability risk: Medium
CVE-ID: CVE-2026-43512
CWE-ID: CWE-287
Exploitation vector: Remote access
Vulnerable software:
Apache Tomcat


Vulnerability description

The vulnerability allows a remote attacker to authenticate as an unknown user.

The vulnerability exists due to improper authentication in the DIGEST authenticator when processing authentication for users not known to the configured Realm. A remote attacker can submit the password "null" for an unknown user to authenticate as an unknown user.

This occurs only when DIGEST authentication is configured.
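
To check whether a deployed application meets that precondition, the following added example (not part of the advisory and not Apache Tomcat code) reports which `web.xml` descriptors select DIGEST authentication. It assumes the method is declared through the standard `<login-config>`/`<auth-method>` elements; the function names and the sample descriptors are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample descriptors (not taken from any real application).
SAMPLE_DIGEST = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <login-config>
    <auth-method>DIGEST</auth-method>
    <realm-name>Example Realm</realm-name>
  </login-config>
</web-app>"""

SAMPLE_FORM = """<web-app>
  <login-config><auth-method> form </auth-method></login-config>
</web-app>"""

def local(tag):
    """Strip the XML namespace so Java EE and Jakarta EE descriptors match alike."""
    return tag.rsplit("}", 1)[-1]

def auth_methods(root):
    """Return normalised <auth-method> values declared under <login-config>."""
    found = []
    for elem in root.iter():
        if local(elem.tag) != "login-config":
            continue
        for child in elem:
            if local(child.tag) == "auth-method" and child.text:
                found.append(child.text.strip().upper())
    return found

def uses_digest(web_xml_text):
    """True when the descriptor selects DIGEST, the precondition the advisory names."""
    return "DIGEST" in auth_methods(ET.fromstring(web_xml_text))

def scan(paths):
    """Check web.xml files on disk; maps path -> bool, or an error string if unreadable."""
    results = {}
    for path in paths:
        try:
            results[path] = "DIGEST" in auth_methods(ET.parse(path).getroot())
        except (OSError, ET.ParseError) as exc:
            results[path] = f"unreadable: {exc}"
    return results

if __name__ == "__main__":
    # Usage: python check_digest.py /path/to/webapps/*/WEB-INF/web.xml
    for path, verdict in scan(sys.argv[1:]).items():
        print(f"{path}: {'DIGEST configured' if verdict is True else verdict}")
```

Applications flagged here are the ones to prioritise for the vendor update.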


Remediation

Install the security update from the vendor's website.