Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 551
Alerts This Week
Warning Icon 1 551

Ubuntu Tomcat Important Security Flaws CVE-2026-43515 CVE-2026-50229

ubuntu
Calendar Grey July 15, 2026
Dist Ubuntu Esm H88
Several security issues in Tomcat on Ubuntu could be exploited, necessitating prompt updates to prevent unauthorized access and script injections.
Several security issues were fixed in Tomcat.

Summary

Several security issues were fixed in Tomcat.

Software Description:

- tomcat8: Servlet and JSP engine

Details:

It was discovered that Tomcat incorrectly handled authorization when

multiple method constraints defined the same HTTP method. A remote

attacker could possibly use this issue to bypass authorization

restrictions. (CVE-2026-43515)

It was discovered that the Tomcat number guess example application did

not properly sanitize user-supplied input. An attacker could possibly

use this issue to inject malicious scripts, resulting in cross-site

scripting. (CVE-2026-50229)

It was discovered that Tomcat incorrectly evaluated rewrite valve

conditions in certain configurations. An attacker could possibly use

this issue to bypass rewrite rules, resulting in unauthorized access.

(CVE-2026-53404)

It was discovered that Tomcat incorrectly omitted certain authorization

information when logging the effective web.xml configuration. An

attacker could possibly use this issue to hide author...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  libtomcat8-embed-java           8.5.39-1ubuntu1~18.04.3+esm6
                                  Available with Ubuntu Pro
  libtomcat8-java                 8.5.39-1ubuntu1~18.04.3+esm6
                                  Available with Ubuntu Pro
  tomcat8-examples                8.5.39-1ubuntu1~18.04.3+esm6
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libtomcat8-java                 8.0.32-1ubuntu1.13+esm2
                                  Available with Ubuntu Pro
  tomcat8-examples                8.0.32-1ubuntu1.13+esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8551-1

CVE-2026-43515, CVE-2026-50229, CVE-2026-53404, CVE-2026-55276

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8551-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.