Apache Struts allows unauthorized access due to rejected reasons not checked
CVE-2025-68126
Summary
Apache Struts does not properly validate rejected reasons in certain situations, potentially allowing an attacker to bypass authentication and gain unauthorized access to sensitive data. This issue affects systems running Apache Struts, which can be exploited by malicious users. Update to the latest version of Apache Struts to mitigate this issue.
Original title
Rejected reason: reserved but not needed
Original description
Rejected reason: reserved but not needed
Published: 13 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026