7.5
CVE-2026-34486
- EPSS 21.69%
- Veröffentlicht 09.04.2026 20:16:25
- Zuletzt bearbeitet 09.07.2026 13:17:00
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 21.69% | 0.973 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-311 Missing Encryption of Sensitive Data
The product does not encrypt sensitive or critical information before storage or transmission.
CWE-807 Reliance on Untrusted Inputs in a Security Decision
The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://lists.apache.org/thread/9510k5p5zdvt9pkkgtyp85mvwxo2qrly
https://www.vicarius.io/vsociety/posts/cve-2026-34486-detection-script-rce-on-apache-tomcat
https://www.vicarius.io/vsociety/posts/cve-2026-34486-mitigation-script-rce-on-apache-tomcat
https://bugzilla.redhat.com/show_bug.cgi?id=2457027
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34486.json
https://access.redhat.com/errata/RHSA-2026:36787
https://access.redhat.com/errata/RHSA-2026:36788
https://access.redhat.com/errata/RHSA-2026:36789
https://access.redhat.com/errata/RHSA-2026:36790
https://access.redhat.com/errata/RHSA-2026:36876
https://access.redhat.com/errata/RHSA-2026:36877
https://access.redhat.com/errata/RHSA-2026:36878
https://access.redhat.com/errata/RHSA-2026:36879
https://access.redhat.com/errata/RHSA-2026:37136
https://access.redhat.com/errata/RHSA-2026:37137
https://access.redhat.com/security/cve/CVE-2026-34486