CVE-2026-55276
Apache Tomcat Always-Incorrect Control Flow Implementation Vulnerability
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
An Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat could allow an attacker to improperly log web.xml configurations, potentially revealing sensitive information. This issue arises from how special roles and empty authorization constraints are handled during logging. Understanding the reachab