CLEANSTART-2026-IS05941

See a problem?
Import Source
https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-IS05941.json
JSON Data
https://api.osv.dev/v1/vulns/CLEANSTART-2026-IS05941
Upstream
  • CVE-2025-41254
  • CVE-2026-1225
  • CVE-2026-22735
  • CVE-2026-22737
  • CVE-2026-29145
  • CVE-2026-34483
  • CVE-2026-34487
  • CVE-2026-4923
  • CVE-2026-4926
  • CVE-2026-5588
  • ghsa-6rw7-vpxm-498p
  • ghsa-72hv-8253-57qq
  • ghsa-73rr-hh4g-fpgx
  • ghsa-8qq5-rm4j-mr97
  • ghsa-wqch-xfxh-vrr4
Published
2026-04-23T00:39:55.461024Z
Modified
2026-04-23T05:02:27.775506Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native
Details

Multiple security vulnerabilities affect the thingsboard package. CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. See references for individual vulnerability details.

References

Affected packages

CleanStart / thingsboard

Package

Name
thingsboard

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.0.1-r2

Database specific

source 
"https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-IS05941.json"