Apache Tomcat has disclosed CVE-2026-24733, a Low-severity security constraint bypass that can be triggered via HTTP/0.9 requests when certain access-control rules are configured in a specific way. The Apache Tomcat security team identified the issue, and the original advisory was published on 2026-02-17. At a high level, the vulnerability stems from Tomcat not restricting HTTP/0.9 […] The post Apache Tomcat Vulnerabilities Let Attackers Bypass Security Constraints via HTTP/0.9 Requests appeared first on Cyber Security News.