7.5

CVE-2026-34487

EPSS 0.09%
Veröffentlicht 09.04.2026 20:16:25
Zuletzt bearbeitet 14.04.2026 12:44:45
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

Apache Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token

Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116.

Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 3 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Tomcat Version >= 9.0.13 < 9.0.117

Apache ≫ Tomcat Version >= 10.1.0 < 10.1.54

Apache ≫ Tomcat Version >= 11.0.0 < 11.0.21

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.255

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://lists.apache.org/thread/4xpkwolpkrj8v5xzp5nyovtlqp3y850h

Vendor Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2026/04/09/28

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2026-34487

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-34487

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-34487

EUVD