tomcat11 (SUSE:Linux Enterprise Server 16.0) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 16.0 package tomcat11, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (13)
CVE-2026-41293 — CVSS 9.8 (critical): Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1…
CVE-2026-43512 — CVSS 9.8 (critical): DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from…
CVE-2025-55754 — CVSS 9.6 (critical): Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences…
CVE-2026-43515 — CVSS 9.1 (critical): Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This…
CVE-2025-66614 — CVSS 9.1 (critical): Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49…
CVE-2026-41284 — CVSS 7.5 (high): Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1…
CVE-2026-24734 — CVSS 7.5 (high): Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native (and Tomcat's…
CVE-2025-55752 — CVSS 7.5 (high): Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was…
CVE-2026-43513 — CVSS 7.5 (high): Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1…
CVE-2026-42498 — CVSS 7.3 (high): Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue…
CVE-2025-61795 — CVSS 5.3 (medium): Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred (including exceeding limits) during the…
CVE-2026-24733 — CVSS 3.7 (low): Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security…
CVE-2026-43514 — CVSS 3.7 (low): Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1…