
Security
Jul 1, 2026
Apache Tomcat CVE Round-Up: 7 Vulnerabilities Disclosed June 2026, Including CVE-2026-55957
An Important authentication bypass in the JNDIRealm, a Moderate default servlet security constraint bypass, and five more findings across the EncryptInterceptor, RewriteValve, FFM connector, examples webapp, and effective web.xml logging. Here is what changed, what affects end-of-life Tomcat 8.5, and who needs to act.

Greg Allen