Search CVE reports


Toggle filters

1 – 10 of 101 results


CVE-2026-59084

Medium priority
Needs evaluation

Insufficient Technical Documentation vulnerability in Apache Tomcat since the requirements to securely configure the EncryptInterceptor were not clearly documented. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.23,...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tomcat10 Needs evaluation Needs evaluation Not in release
tomcat11 Needs evaluation Not in release Not in release
Show less packages

CVE-2026-59083

Medium priority
Needs evaluation

Improper Handling of URL Encoding (Hex Encoding) vulnerability in Apache Tomcat's rewrite valve allowed security constraint bypass for some configurations. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.23,...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tomcat10 Needs evaluation Needs evaluation Not in release
tomcat11 Needs evaluation Not in release Not in release
Show less packages

CVE-2026-55957

Medium priority
Needs evaluation

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tomcat10 Needs evaluation Needs evaluation Not in release
tomcat11 Needs evaluation Not in release Not in release
Show less packages

CVE-2026-55956

Medium priority
Needs evaluation

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat:...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tomcat10 Needs evaluation Needs evaluation Not in release
tomcat11 Needs evaluation Not in release Not in release
Show less packages

CVE-2026-55955

Medium priority
Needs evaluation

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tomcat10 Needs evaluation Needs evaluation Not in release
tomcat11 Needs evaluation Not in release Not in release
Show less packages

CVE-2026-55276

Medium priority

Some fixes available 2 of 15

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat:...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Fixed
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tomcat10 Needs evaluation Needs evaluation Not in release
tomcat11 Needs evaluation Not in release Not in release
Show less packages

CVE-2026-53434

Medium priority
Needs evaluation

Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not affected
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tomcat10 Needs evaluation Needs evaluation Not in release
tomcat11 Needs evaluation Not in release Not in release
Show less packages

CVE-2026-53404

Medium priority

Some fixes available 2 of 15

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat:...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Fixed
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tomcat10 Needs evaluation Needs evaluation Not in release
tomcat11 Needs evaluation Not in release Not in release
Show less packages

CVE-2026-50229

Medium priority

Some fixes available 2 of 15

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Fixed
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tomcat10 Needs evaluation Needs evaluation Not in release
tomcat11 Needs evaluation Not in release Not in release
Show less packages

CVE-2026-43515

Medium priority

Some fixes available 14 of 17

Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54,...

6 affected packages

tomcat8, tomcat9, tomcat10, tomcat11, tomcat6, tomcat7

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat8 Not in release Not in release Not in release Fixed
tomcat9 Fixed Fixed Fixed Fixed Fixed
tomcat10 Fixed Fixed Not in release
tomcat11 Fixed Not in release Not in release
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not affected
Show less packages