Search CVE reports

11 – 20 of 92 results

Detailed view

Sort by:

CVE-2026-34483

Medium priority

Vulnerable

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat11, tomcat9

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	Not in release	Not in release	Not in release	—	—
tomcat7	Not in release	Not in release	Not in release	—	Not affected
tomcat8	Not in release	Not in release	Not in release	—	Not affected
tomcat10	Vulnerable	Vulnerable	Not in release	—	—
tomcat11	Vulnerable	Not in release	Not in release	—	—
tomcat9	Vulnerable	Not affected	Not affected	Not affected	Not affected

CVE-2026-32990

Medium priority

Vulnerable

Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115. Users...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat11, tomcat9

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	Not in release	Not in release	Not in release	—	—
tomcat7	Not in release	Not in release	Not in release	—	Not affected
tomcat8	Not in release	Not in release	Not in release	—	Not affected
tomcat10	Not affected	Not affected	Not in release	—	—
tomcat11	Vulnerable	Not in release	Not in release	—	—
tomcat9	Vulnerable	Not affected	Not affected	Not affected	Not affected

CVE-2026-29146

Medium priority

Vulnerable

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat11, tomcat9

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	Not in release	Not in release	Not in release	—	—
tomcat7	Not in release	Not in release	Not in release	—	Not affected
tomcat8	Not in release	Not in release	Not in release	—	Vulnerable
tomcat10	Vulnerable	Vulnerable	Not in release	—	—
tomcat11	Vulnerable	Not in release	Not in release	—	—
tomcat9	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable

CVE-2026-29145

Medium priority

Vulnerable

CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18,...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat11, tomcat9

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	Not in release	Not in release	Not in release	—	—
tomcat7	Not in release	Not in release	Not in release	—	Not affected
tomcat8	Not in release	Not in release	Not in release	—	Not affected
tomcat10	Vulnerable	Vulnerable	Not in release	—	—
tomcat11	Vulnerable	Not in release	Not in release	—	—
tomcat9	Vulnerable	Not affected	Not affected	Not affected	Not affected

CVE-2026-29129

Medium priority

Vulnerable

Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115. Users are recommended to...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat11, tomcat9

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	Not in release	Not in release	Not in release	—	—
tomcat7	Not in release	Not in release	Not in release	—	Not affected
tomcat8	Not in release	Not in release	Not in release	—	Not affected
tomcat10	Not affected	Not affected	Not in release	—	—
tomcat11	Vulnerable	Not in release	Not in release	—	—
tomcat9	Vulnerable	Not affected	Not affected	Not affected	Not affected

CVE-2026-25854

Medium priority

Vulnerable

Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52,...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat11, tomcat9

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	Not in release	Not in release	Not in release	—	—
tomcat7	Not in release	Not in release	Not in release	—	Not affected
tomcat8	Not in release	Not in release	Not in release	—	Vulnerable
tomcat10	Vulnerable	Vulnerable	Not in release	—	—
tomcat11	Vulnerable	Not in release	Not in release	—	—
tomcat9	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable

CVE-2026-24880

Medium priority

Vulnerable

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat11, tomcat9

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	Not in release	Not in release	Not in release	—	—
tomcat7	Not in release	Not in release	Not in release	—	Vulnerable
tomcat8	Not in release	Not in release	Not in release	—	Vulnerable
tomcat10	Vulnerable	Vulnerable	Not in release	—	—
tomcat11	Vulnerable	Not in release	Not in release	—	—
tomcat9	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable

CVE-2026-24734

Medium priority

Vulnerable

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verification or freshness checks on the...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat9, tomcat11

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	Not in release	Not in release	Not in release	—	—
tomcat7	Not in release	Not in release	Not in release	—	Not affected
tomcat8	Not in release	Not in release	Not in release	—	Not affected
tomcat10	Vulnerable	Vulnerable	Not in release	—	—
tomcat9	Not affected	Not affected	Not affected	Not affected	Not affected
tomcat11	Not affected	Not in release	Not in release	Not in release	Not in release

CVE-2026-24733

Medium priority

Vulnerable

Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat9, tomcat11

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	Not in release	Not in release	Not in release	—	—
tomcat7	Not in release	Not in release	Not in release	—	Not affected
tomcat8	Not in release	Not in release	Not in release	—	Not affected
tomcat10	Vulnerable	Vulnerable	Not in release	—	—
tomcat9	Not affected	Vulnerable	Vulnerable	Vulnerable	Vulnerable
tomcat11	Not affected	Not in release	Not in release	Not in release	Not in release

CVE-2025-66614

Medium priority

Vulnerable

Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat11, tomcat9

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	Not in release	Not in release	Not in release	—	—
tomcat7	Not in release	Not in release	Not in release	—	Not affected
tomcat8	Not in release	Not in release	Not in release	—	Vulnerable
tomcat10	Vulnerable	Vulnerable	Not in release	—	—
tomcat11	Not affected	Not in release	Not in release	Not in release	Not in release
tomcat9	Not affected	Vulnerable	Vulnerable	Vulnerable	Vulnerable

Export to JSON

Results by page: