Critical Apache Tomcat CVE-2026-24733 Enables Security Constraint Bypass via HTTP/0.9
VPN Central [Unofficial]
February 21, 2026
Apache Tomcat patched CVE-2026-24733, a security constraint bypass vulnerability. Attackers use HTTP/0.9 requests to evade access controls. The flaw, rated Low severity, affects specific configurations. Tomcat accepts HTTP/0.9 HEAD requests when GET should block. HTTP/0.9 predates modern methods. It lacks headers and normally supports only GET. Tomcat processes HEAD over HTTP/0.9 without restriction. This bypasses […]