CVEFinder.io

CVE-2026-41284

⚠️ high
πŸ” Scan for this CVE
Summary

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older, unsupported versions may also be affected. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.

CVSS Score
7.5
High
EPSS Score
0.1
Exploit Probability
Published Date
2026-05-12
First Seen: 2026-05-17
πŸ“Š Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 69.0% of all 328,009 vulnerabilities in our database.

#101,817
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 13, 2026
πŸ” Exploitation Status
None
No known exploits
βš™οΈ Automatable
YES
Can be exploited automatically
πŸ’₯ Technical Impact
Partial
Limited system impact
πŸ† Discovered By
Dariusz GoΕ„da
SSVC data provided by CISA
Last Modified 2026-05-14
Source NVD πŸ”—
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE IDs (Weakness Types)
CWE-770

πŸ“¦ Affected Products 6

Vendor Product Status Affected Versions
apache tomcat Affected
> 10.0.0 < 10.0.27
apache tomcat Affected
> 10.1.0 < 10.1.55
apache tomcat Affected
> 11.0.0 < 11.0.22
apache tomcat Affected
> 4.0.0 < 7.0.109
apache tomcat Affected
> 8.5.0 < 8.5.100
apache tomcat Affected
> 9.0.0 < 9.0.118

πŸ”— References 2

https://lists.apache.org/thread/2nvqjr7ovjmvx2vbhb7s...
Mailing List Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/05/1...
Mailing List Third Party Advisory

πŸ”— Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-41293 β›” critical 9.8 0.2 Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0... 2026-05-12
CVE-2026-42498 ⚠️ high 7.3 0.1 Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomca... 2026-05-12
CVE-2026-43512 β›” critical 9.8 0.1 DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Ap... 2026-05-12
CVE-2026-43513 ⚠️ high 7.5 0.1 Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat:... 2026-05-12
CVE-2026-43514 ℹ️ low 3.7 0.1 Observable Timing Discrepancy vulnerabilityΒ when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomc... 2026-05-12
CVE-2026-43515 β›” critical 9.1 0.1 Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Ap... 2026-05-12
These CVEs affect the same products