Apache Tomcat DIGEST Auth: The Bypass That Doesn't Bypass
CVE-2026-43512
Even if digest hashes match, authentication still fails. This post documents why CVE-2026-43512 is a confirmed bug but not a confirmed bypass.
Every week, advisories label vulnerabilities CRITICAL. Few people verify if they actually are. This blog does.
Every week, advisories rate vulnerabilities as CRITICAL. Few people verify whether they are actually exploitable. This blog documents that verification process, with real containers, real source code references, and honest verdicts.
Written by a product security engineer. No hype. No speculation. Beyond PoCs. Real impact.